4 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...
CVE-2026-8679 AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...
GHSA-75QQ-68M8-PVFR AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents
Summary The objects/playlistsVideos.json.php endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists including watchlater and favorite types are correctly hidden from listing endpoints via playlistsFromUser.json.php, but...
UBUNTU-CVE-2024-47828
ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc.. Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they a...