Lucene search
K

12 matches found

Snyk
Snyk
added 2026/05/18 1:30 p.m.9 views

Improper Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Authorization via the mention.json.php process. An attacker can enumerate user information by sending unauthenticated requests that match the required inp...

6.9CVSS5.8AI score0.00193EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/22 5:6 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the commentDelete.json.php process. An attacker can cause unauthorized deletion of comments by tricking an authenticated user...

5.4CVSS5.4AI score0.00113EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 11:23 p.m.8 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the trygetcontentsfromlocal function. An attacker can access arbitrary files on the server filesystem by supplying specially crafted URLs...

7.1CVSS6.3AI score0.00718EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 11:22 p.m.8 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the isSSRFSafeURL function. An attacker can access internal services and exfiltrate sensitive data by supplying a crafted URL...

7.7CVSS5.8AI score0.003EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 11:21 p.m.5 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the deleteDump parameter in the cloneServer.json.php process. An attacker can delete arbitrary files on the server by supplying path...

8.1CVSS6.4AI score0.00469EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/14 10:49 p.m.13 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the locale/save.php process. An attacker can write arbitrary PHP files to any web-accessible directory and execute code by supplying crafte...

8.7CVSS6.5AI score0.00656EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 12:8 a.m.5 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the downloadURLgifimage parameter in the GIF poster upload process. An attacker can access and disclose arbitrary server-local files by...

7.6CVSS6.3AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 6:7 p.m.9 views

Brute Force

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Brute Force via the getapivideopasswordiscorrect API endpoint, which allows unauthenticated users to verify passwords for protected videos without rate limiting or...

6.9CVSS5.8AI score0.0032EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/20 8:56 p.m.3 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the markDownToHTML function. An attacker can execute arbitrary JavaScript in the context of another user's browser session by crafting ...

5.4CVSS5.8AI score0.00218EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/20 8:56 p.m.3 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unlockPassword parameter in the forbiddenPage.php and warningPage.php templates. An attacker can execute arbitrary JavaScript in t...

9.3CVSS5.8AI score0.00231EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/19 4:43 p.m.3 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the videoDirectory parameter in the hls.php file. An attacker can access and stream private or paid video content by supplying a crafted pa...

8.7CVSS6.4AI score0.00688EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/17 8:5 p.m.5 views

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the innerHTML process. An attacker can execute arbitrary JavaScript in a victim's browser by tricking the victim into visiting a craft...

6.1CVSS5.8AI score0.00317EPSS
Exploits1References2
Rows per page
Query Builder