11 matches found
CVE-2026-33352
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...
CVE-2026-33352
CVE-2026-33352 affects WWBN AVideo (pre-26.0). An unauthenticated SQL injection exists in objects/category.php::getAllCategories() via the doNotShowCats parameter. The code only strips single quotes and does not neutralize backslashes, allowing boundary-shifting in the SQL built by string concate...
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...
CVE-2026-33352
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the allCategories method in the objects/category.php file, which had unvalidated SQL injections. As ...
GHSA-MCJ5-6QR4-95FJ AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
Summary An unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but this is trivially bypassed using a backslash escape techniqu...
AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
Summary An unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but this is trivially bypassed using a backslash escape techniqu...
SQL Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection in the getAllCategories function via the doNotShowCats parameter due to insufficient sanitization, where only single quotes are stripped but...
PT-2026-26489
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.0 Description AVideo, an open source video platform, contains an unauthenticated SQL injection flaw in the objects/category.php file within the getAllCategories method. The doNotShowCats request parameter undergoes...