CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
CVE-2026-30885
WWBN AVideo prior to version 25.0 exposes an unauthenticated IDOR in the /objects/playlistsFromUser.json.php endpoint, allowing an attacker to enumerate user IDs and retrieve all playlists for any user, including playlist names, video IDs, and status. Root cause is lack of authentication/authoriz...
PT-2026-24090
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 25.0
Description: The /objects/playlistsFromUser.json.php endpoint does not require authentication or authorization, allowing an unauthenticated attacker to enumerate user IDs and retrieve playlist information, includin...
PT-2026-7672
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the use...