643 matches found
Directory Traversal
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the videoDirectory parameter in the hls.php file. An attacker can access and stream private or paid video content by supplying a crafted pa...
GHSA-PW4V-X838-W5PG AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos
Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...
AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos
Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...
EUVD-2026-11834
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...
CVE-2026-32348
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...
CVE-2026-32348
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...
CVE-2026-32348
The CVE-2026-32348 entry concerns the WordPress MAS Videos plugin (masvideos) with a Missing Authorization vulnerability due to incorrectly configured access control security levels. It affects MAS Videos versions up to and including 1.3.2. The connected documents substantiate the vulnerability d...
CVE-2026-32348 WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...
CVE-2026-32348 WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...
WordPress plugin MAS Videos 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
CVE-2026-28501
CVE-2026-28501 concerns the open‑source video platform WWBN AVideo. A unauthenticated SQL injection exists in the components objects/videos.json.php and objects/video.php due to improper sanitization of the catName parameter when supplied in a JSON POST body. JSON input is parsed and merged into ...
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 24.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper cleaning of the catName parameter in the objects/videos.json.php and objects/video.ph...
SQL Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the catName parameter in JSON-formatted POST requests to objects/videos.json.php and objects/video.php. An attacker can execute arbitrary SQL...
AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...
GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...
CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Automatic Featured Images from Videos versions = 1.2.7...
CVE-2026-24535
Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...