Miggo Logo
Miggo Vulnerability Database
CVE-2023-50172

CVE-2023-50172: WWBN AVideo recovery notification bypass vulnerability

5.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-50172
GHSA ID
GHSA-8m5f-2xvp-2c8w
EPSS Score
0.40551%
CWE
CWE-640
Published
1/10/2024
Updated
1/12/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
wwbn/avideocomposer<= 12.4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability arises because the userRecoverPass.php script calls setRecoverPass() to generate and save a recovery code (via $user->save()) before validating the captcha. This sequence allows the recovery code to persist in the database regardless of whether the captcha is valid. The Talos report explicitly identifies this flawed logic flow, where the recovery code is created first, making the system vulnerable to silent recovery code generation. The setRecoverPass function is directly responsible for generating the code, and its invocation prior to validation is the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r**ov*ry noti*i**tion *yp*ss vuln*r**ility *xists in t** us*rR**ov*rP*ss.p*p **pt*** v*li**tion *un*tion*lity o* WW*N *Vi**o **v m*st*r *ommit **********. * sp**i*lly *r**t** *TTP r*qu*st **n l*** to sil*ntly *r**t* * r**ov*ry p*ss *o** *or *ny us*

Reasoning

T** vuln*r**ility *ris*s ****us* t** `us*rR**ov*rP*ss.p*p` s*ript **lls `s*tR**ov*rP*ss()` to **n*r*t* *n* s*v* * r**ov*ry *o** (vi* $us*r->s*v*()) ***or* v*li**tin* t** **pt***. T*is s*qu*n** *llows t** r**ov*ry *o** to p*rsist in t** **t***s* r***r