GHSA-WWPW-HRX8-79R5 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

Summary The AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition !phpsapiname === 'cli' never evaluates to true due to how PHP...

CVE-2026-34733

CVE-2026-34733 (AVideo) : AVideo proves vulnerable in versions ≤26.0 via the file install/deleteSystemdPrivate.php, which contains a PHP operator precedence bug in its CLI guard. The check uses !php_sapi_name() === 'cli', which, due to precedence, is always false, allowing unauthenticated HTTP ac...