2 matches found
CVE-2026-33507
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting...
CVE-2026-33507
creationtimestamp| type| source ---|---|--- 2026-03-20 18:43:54+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-hv36-p4w4-6vmj 2026-03-20 18:43:54+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-hv36-p4w4-6vmj...