15 matches found
CVE-2026-33647 AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...
CVE-2025-34434
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
CVE-2025-34434
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
CVE-2025-34434
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
CVE-2025-34434 AVideo < 20.1 ImageGallery Plugin Unauthenticated File Upload and Deletion
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload ...
CVE-2025-34434
CVE-2025-34434 affects AVideo versions prior to 20.1 with the ImageGallery plugin enabled. The vulnerability arises from image gallery endpoints that fail to enforce authentication and ownership checks, enabling unauthenticated actors to upload or delete images for any video. Red Hat and NVD entr...
PT-2025-51886
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 20.0. Description: The AVideo software, when used with the ImageGallery plugin enabled, has a security issue. Unauthenticated attackers can upload or delete images associated with any video due to missing authentication...
Keyvan1 ImageGallery Database Download Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13630/info Keyvan1 ImageGallery is prone to an access validation vulnerability that could allow the underlying database to be downloaded. http://www.example.com/path/image.mdb...
Code injection
The Site Editor aka SiteBuilder feature in Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated b...
CVE-2005-1645
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2005-1645
The CVE describes a vulnerability in Keyvan1 ImageGallery where the image.mdb database is stored under the web document root with insufficient access control, allowing remote attackers to read sensitive information. Impact: partial confidentiality loss. The connected documents do not provide expl...
CVE-2005-1645
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
[SA15362] ImageGallery system Exposure of User Credentials
TITLE: ImageGallery system Exposure of User Credentials SECUN...
Keyvan1 ImageGallery - Database Disclosure
Keyvan1 ImageGallery - Database Disclosure source: https://www.securityfocus.com/bid/13630/info Keyvan1 ImageGallery is prone to an access validation vulnerability that could allow the underlying database to be downloaded. http://www.example.com/path/image.mdb...
Keyvan1 ImageGallery - Database Disclosure
source: https://www.securityfocus.com/bid/13630/info Keyvan1 ImageGallery is prone to an access validation vulnerability that could allow the underlying database to be downloaded. http://www.example.com/path/image.mdb...