CVE-2020-23489
AVideo vulnerable to Improper Privilege Management
8.8
HIGH
CVSS 3.1
EPSS 5.0%
Description
The import.json.php file in AVideo before 8.9 is vulnerable to file deletion. This allows the deletion of configuration.php, causing certain privilege checks to not be in place, leading to privilege escalation to admin. Local File Inclusion may also leak credentials and important files.

Patches: Upgrade to version 8.9.
How to fix CVE-2020-23489
To remediate CVE-2020-23489, upgrade the affected package to a fixed version below.
- upgrade to 8.9 or later
Is CVE-2020-23489 being exploited?
Moderate — EPSS is 5.0%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 8.9
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |