Lucene search
+L

4 matches found

cve
cve
added 2026/05/29 1:14 p.m.35 views

CVE-2026-45578

CVE-2026-45578 : OS command injection in WWBN/AVideo’s on_publish.php (YPTSocket path). The code builds an execAsync() command by string-concatenating three values, wrapping each in literal single quotes ('$users_id', '$m3u8', '{$obj->liveTransmitionHistory_id}'), but does not apply escapeshel...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/29 1:14 p.m.11 views

CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1
osv
osv
added 2026/05/29 1:14 p.m.3 views

CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS6AI score0.00318EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/23 12:0 a.m.13 views

WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of SQL queries within the onpublish.php callback function, which coul...

7.5CVSS5.8AI score0.00468EPSS
Exploits1References2
Rows per page
Query Builder