CVE-2026-33513

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from lack of path normalization and allowlist checks in the locale API endpoint, which could lead to...

cPanel Cross-Site Scripting Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. A cross-site scripting vulnerability in the cPanel WHM Upload Locale interface allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to sensitiv...

SA-CONTRIB-2010-022 - Internationalization - Arbitrary code execution

The Internationalization module enables translation of user defined strings using Drupal's locale interface. Some of these user defined strings have Input formats associated with them. As translators can translate texts before they go through the Input filters, using some filters like the PHP...