Tag
high
advisory
AVideo CDN Plugin Unauthenticated Configuration Modification
2 rules 3 TTPsAVideo is vulnerable to unauthenticated configuration modification in its CDN plugin due to a bypassed key validation check when the default empty key is used, allowing modification of CDN URLs, storage credentials, and the authentication key itself.
AVideo
cdn
configuration-modification
vulnerability
2r
3t
high
advisory
OmniFaces EL Injection Vulnerability via Crafted Resource Name
2 rules 1 TTPA server-side EL injection vulnerability exists in OmniFaces when using CDNResourceHandler with wildcard CDN mappings, allowing attackers to inject EL expressions in resource names leading to potential remote code execution, information disclosure, or denial of service.
OmniFaces
el-injection
rce
cdn
2r
1t