Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/03/23 6:38 p.m.4 views

CVE-2026-33651 AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

8.1CVSS5.9AI score0.00347EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/23 6:38 p.m.27 views

CVE-2026-33651 AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

8.1CVSS0.00347EPSS
Exploits1References2
CVE
CVE
added 2026/03/23 6:38 p.m.18 views

CVE-2026-33651

WWBN AVideo contains a Blind SQL Injection in the remindMe.json.php flow for versions up to 26.0. The vulnerability arises when $_REQUEST['live_schedule_id'] is passed through multiple functions without sanitization and is then concatenated into a SQL LIKE by Scheduler_commands::getAllActiveOrToR...

8.8CVSS5.9AI score0.00347EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/23 6:38 p.m.6 views

CVE-2026-33651 AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

8.1CVSS6AI score0.00347EPSS
Exploits1References4
Rows per page
Query Builder