Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.4 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

9.8CVSS6AI score0.00492EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 5:16 p.m.6 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

9.8CVSS0.00492EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 4:13 p.m.27 views

CVE-2026-33770 AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

7.1CVSS0.00492EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:13 p.m.2 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

7.1CVSS6AI score0.00492EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/27 4:13 p.m.16 views

CVE-2026-33770

Summary: CVE-2026-33770 affects WWBN/AVideo up to version 26.0, where fixCleanTitle() in objects/category.php interpolates user-controlled data directly into a SQL query, enabling SQL injection when creating or renaming categories. The vulnerability stems from building the query with $clean_title...

9.8CVSS6AI score0.00492EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/26 6:15 p.m.6 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the fixCleanTitle function. An attacker can access sensitive database information by injecting crafted input into the cleantitle or id parameters...

9.8CVSS6AI score0.00492EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.8 views

PT-2026-28538

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating the $clean title and $id variables into the query string without using prepare...

7.1CVSS5.9AI score0.00492EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.4 views

PT-2024-18198 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory...

4.3CVSS9.3AI score0.0034EPSS
Exploits0References7
Rows per page
Query Builder