4 matches found
CVE-2026-35452
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...
CVE-2026-35452
WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35452 due to unauthenticated access to CloneSite/plugin/CloneSite/client.log.php, which serves clone operation logs containing internal filesystem paths, remote server URLs, and SSH metadata. The vulnerability arises because this endpo...
AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Summary The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...
PT-2026-30336
Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...