9 matches found
CVE-2026-33294
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294
CVE-2026-33294 affects WWBN AVideo prior to version 26.0. The BulkEmbed plugin’s save.json.php fetches user-supplied thumbnail URLs via url_get_contents() without SSRF protection, unlike other URL-fetching endpoints which use isSSRFSafeURL(). An authenticated attacker with BulkEmbed permission ca...
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
WWBN AVideo 代码问题漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the BulkEmbed plugin’s save endpoint, which did not implement SSRF protection when retrieving the...
GHSA-66CW-H2MJ-J39P AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network Resources
Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...
PT-2026-26472
Summary The BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via url get contents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with isSSRFSafeURL, this code path was missed. An authenticated...