18 matches found
CVE-2026-41058
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
CVE-2026-41058 AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
CVE-2026-41058
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
EUVD-2026-24535
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
CVE-2026-41058 AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
CVE-2026-41058
WWBN AVideo (open source video platform) is affected in versions 29.0 and below by an incomplete fix for a path-traversal issue in the CloneSite deleteDump parameter. The vulnerability allows an attacker to cause unlink() of arbitrary files via GET parameter ../../ sequences due to missing path-t...
WWBN AVideo 路径遍历漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a path traversal vulnerability. This vulnerability stemmed from incomplete repairs to the CloneSite deleteDump parameter, without applying path traversal...
PT-2026-34204
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description An incomplete fix in the CloneSite feature allows for the deletion of arbitrary files. The deleteDump parameter in a GET request does not properly filter path traversal sequences, such as ../.....
WWBN AVideo has an incomplete fix for CVE-2026-33293: Path Traversal
Summary The incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Affected Package - Ecosystem: Other - Package: AVideo - Affected versions: = commit 941decd6d19e Details At...
Directory Traversal
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the deleteDump parameter in the cloneServer.json.php process. An attacker can delete arbitrary files on the server by supplying path...
CVE-2026-33293
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...
CVE-2026-33293
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...
CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...
CVE-2026-33293
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...
CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...
CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...
WWBN AVideo 路径遍历漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability stemmed from the deleteDump parameter in the cloneServer.json.php file being passed directly to the unlink...
Directory Traversal
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the deleteDump parameter in cloneServer.json.php. An attacker can delete arbitrary files on the server, including critical configuration an...