CVE-2026-39369

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

CVE-2023-49862

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLgifimage parameter...

CVE-2023-49862

The CVE-2023-49862 issue affects WWBN AVideo (dev master, commit 15fed957fb) in the image upload helper objects/aVideoEncoderReceiveImage.json.php. The root cause is a server-side file read via image URL handling: the code allows arbitrary local file reads by constructing a local path from the po...

WWBN AVideo Security Breach

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo, which originates from an information disclosure vulnerability in the image upload method of the aVideoEncoderReceiveImage.json.php page...