Lucene search
K

7 matches found

EUVD
EUVD
added 2026/03/29 3:41 p.m.5 views

EUVD-2026-16717

AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications...

5.4CVSS5.9AI score0.00243EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33651

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

8.8CVSS5.9AI score0.00347EPSS
Exploits1References1
OSV
OSV
added 2026/03/25 5:50 p.m.8 views

GHSA-PVW4-P2JM-CHJM AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

Summary The remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL LIKE clause. Although intermediate functions new Liveschedule,...

8.1CVSS6AI score0.00347EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/25 5:50 p.m.3 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the remindMe.json.php file. An attacker can extract sensitive database contents or modify data by supplying crafted input to the livescheduleid...

8.8CVSS6AI score0.00347EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 6:38 p.m.4 views

CVE-2026-33651

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

8.1CVSS5.9AI score0.00347EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.8 views

PT-2026-27184

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The remindMe.json.php endpoint passes the $ REQUEST'live schedule id' variable through multiple functions without proper sanitization. This ultimatel...

8.8CVSS5.9AI score0.00347EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the livescheduleid parameter in the remindMe.json.php endpoint, which could...

8.8CVSS6AI score0.00347EPSS
Exploits1References2
Rows per page
Query Builder