Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33493

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

8.1CVSS5.8AI score0.00335EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.11 views

WWBN AVideo 路径遍历漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a path traversal vulnerability. This vulnerability stemmed from the lack of directory restrictions on the import.json.php endpoint, which could allow arbitra...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References2
osv
osv
added 2026/03/20 8:49 p.m.3 views

GHSA-83XQ-8JXJ-4RXM AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

Summary The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

7.1CVSS6AI score0.00335EPSS
Exploits1References4
github
github
added 2026/03/20 8:49 p.m.10 views

AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

Summary The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

8.1CVSS6AI score0.00335EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2020/11/16 12:0 a.m.9 views

Wwbn Avideo Security Breach

Wwbn Avideo is a video platform builder written in PHP by the Wwbn team. A security vulnerability exists in versions of Avideo prior to 8.9, which stems from the import.json.php file having a file deletion vulnerability. This allows for the deletion of configuration.php, which causes certain...

8.8CVSS7.3AI score0.02329EPSS
Exploits0References3
Rows per page
Query Builder