2 matches found
CVE-2026-47696 WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint
WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...
CVE-2026-47696
creationtimestamp| type| source ---|---|--- 2026-05-19 15:01:00+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-9392-pj54-qqf8 2026-05-29 17:35:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmz35lsz4e23 2026-06-04 19:40:55+00:00| seen|...