9 matches found
CVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
EUVD-2025-204542
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
CVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
CVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
CVE-2025-34433 AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
CVE-2025-34433
AVideo 14.3.1–20.0.x isaffected by an unauthenticated RCE due to insecure salt generation: installation salt is created with PHP uniqid(), and the installation timestamp plus a derived hashId are exposed publicly, enabling offline brute-forcing of the remaining entropy to recover the salt. Attack...
CVE-2025-34433 AVideo < 20.1 Unauthenticated RCE via Predictable Installation Salt
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
CVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
PT-2025-52457
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description The software contains an unauthenticated remote code execution issue resulting from predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public...