An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

Affected Packages

Packagist wwbn/avideo

Affected versions: 12.4 (fixed in 14.3)

Related CVEs

CVE-2024-31819

Key Information

GHSA ID

GHSA-mv5w-wr5c-575p

Published

April 10, 2024 9:30 PM

Last Modified

August 29, 2024 6:03 PM

CVSS Score

9.0 /10

Primary Ecosystem

Packagist

Primary Package

wwbn/avideo

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.