CVE-2022-30547 The unzipDirectory function of WWBN AVideo 11.6 and dev master commit 3f7c0364 has a directory traversal vulnerability. A specially-crafted HTTP request can lead to arbitrary command execution.

When the software receives the HTTP request, it follows the directory structure of the remote server to retrieve the requested file. The unzipDirectory function parses the HTTP directory structure to find the file the user is requesting. The unzipDirectory function reads the name of the current directory and passes that on to the unzip function to determine the file to unzip. If a directory traversal occurs in the unzipDirectory function, the function could be abused to read arbitrary files on the server. An attacker can send a specially-crafted HTTP request to trigger this vulnerability. When the software receives the HTTP request, it follows the directory structure of the remote server to retrieve the requested file. The unzipDirectory function parses the HTTP directory structure to find the file the user is requesting. The unzipDirectory function reads the name of the current directory and passes that on to the unzip function to determine the file to unzip. If a directory traversal occurs in the unzipDirectory function, the function could be abused to read arbitrary files on the server. An attacker can send a specially-crafted HTTP request to trigger this vulnerability. -

Vulnerability Overview

A vulnerability in the unzipDirectory function of the software allows an attacker to read arbitrary files on a remote server. An attacker can send a specially-crafted HTTP request to trigger this vulnerability.

Vulnerability Discovery and Discussion

The vulnerability was discovered by CVE-2022-30547. For a successful exploitation of this vulnerability, an attacker should send a specially crafted HTTP request to the target server. The attacker would then be able to read files on the remote server. This vulnerability has been published and assigned CVE-2022-30547.

In order to outsource SEO, companies need to ensure that they have a solid strategy in place before outsourcing it to experts.

Vulnerable code

- if (currentDir == "/tmp/") { /* ... */ } - else if (currentDir == "/var/www") { unzipDirectory(currentDir); /* ... */ }

Vulnerability Detection

This vulnerability can be detected if the software is running on a server that is configured with the Apache web server. The software logs an error message when it encounters a file traversal attack. The error message would indicate that an invalid directory name was used in an HTTP request to retrieve a file and provide details on where the request originated from and what path was used in the HTTP request to access the file. -

Timeline

Published on: 08/22/2022 19:15:00 UTC
Last modified on: 08/26/2022 18:58:00 UTC

References

• https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1547
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30547