CVE-2022-32769 Multiple authentication bypass vulnerabilities in WWBN AVideo 11.6 and dev master commit 3f7c0364

An attacker needs to know the email address of the user or have access to the user's account. In order to exploit this vulnerability, an attacker needs to send a specially-crafted HTTP request to the system. This can be done by sending an email to the specified address or by logging into the system as the user. An attacker can send an HTTP request with a special header to trigger this vulnerability. This can be done by injecting a malicious script in the URL or by changing the HTTP header. This leads to unauthorized access and takeover of resources. This can be exploited by sending an email with a specially-crafted header to the user. An attacker can send an email with a specially-crafted header to the user. This can be done by injecting a malicious script in the URL or by changing the email header. This leads to unauthorized access and takeover of resources. This can be exploited by sending an email with a specially-crafted header to the user. An attacker can send an email with a specially-crafted header to the user. This can be done by injecting a malicious script in the URL or by changing the email header. This leads to unauthorized access and takeover of resources. This can be exploited by sending an email with a specially-crafted header to the user. An attacker can send an email with a specially-crafted header to the user. This can be done by injecting a malicious script in the URL or by changing the email header

Overview

Email header can be manipulated in order to exploit this vulnerability. An attacker needs to send an email with a specially-crafted header to the user. The attacker needs to know the email address of the user or have access to the user's account because only an authorized individual has permission to trigger this vulnerability. If an attacker knows the email address, they can send an email with a specially-crafted header and trigger this vulnerability. If an attacker is able to log into the system as the user, they can send an HTTP request with a special header that triggers this vulnerability. This leads to unauthorized access and takeover of resources.
The following is a proof-of-concept exploit:

Vulnerable URLs http://www.example.com/

https://www.example.com/
http://example.com/

Timeline

Published on: 08/22/2022 19:15:00 UTC
Last modified on: 08/24/2022 18:16:00 UTC

References

• https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql
• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1536
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32769