3 matches found
CVE-2026-33492
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's sessionstart function accepts arbitrary session IDs via the PHPSESSID GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when th...
WWBN AVideo 授权问题漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to authorization issues. These vulnerabilities stemmed from fixed session IDs and bypasses of session regeneration, which could lead ...
PT-2026-26776
Summary AVideo's session start function accepts arbitrary session IDs via the PHPSESSID GET parameter and sets them as the active PHP session. A session regeneration bypass exists for specific blacklisted endpoints when the request originates from the same domain. Combined with the explicitly...