11 matches found

EUVD
added 2026/03/29 3:41 p.m. | 2 views

EUVD-2026-16717

AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications...

CVSS 5.4 | AI score 5.9 | EPSS 0.00013
Exploits: 1 | References: 3

RedhatCVE
added 2026/03/26 3:0 p.m. | 4 views

CVE-2026-33651

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $_REQUEST['live_schedule_id'] through multiple functions without sanitization until it reaches Scheduler_commands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

CVSS 8.8 | AI score 5.9 | EPSS 0.00037
Exploits: 1 | References: 1

OSV
added 2026/03/25 5:50 p.m. | 3 views

GHSA-PVW4-P2JM-CHJM AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

Summary: The remindMe.json.php endpoint passes $_REQUEST['live_schedule_id'] through multiple functions without sanitization until it reaches Scheduler_commands::getAllActiveOrToRepeat, which directly concatenates it into a SQL LIKE clause. Although intermediate functions new Liveschedule,...

CVSS 8.1 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 4

Snyk
added 2026/03/25 5:50 p.m. | 1 views

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the remindMe.json.php file. An attacker can extract sensitive database contents or modify data by supplying crafted input to the live_schedule_id...

CVSS 8.8 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 2

CVE
added 2026/03/23 6:38 p.m. | 7 views

CVE-2026-33651

WWBN AVideo contains a Blind SQL Injection in the remindMe.json.php flow for versions up to 26.0. The vulnerability arises when $_REQUEST['live_schedule_id'] is passed through multiple functions without sanitization and is then concatenated into a SQL LIKE by Scheduler_commands::getAllActiveOrToR...

CVSS 8.8 | AI score 5.9 | EPSS 0.00037
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/23 6:38 p.m. | 2 views

CVE-2026-33651

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $_REQUEST['live_schedule_id'] through multiple functions without sanitization until it reaches Scheduler_commands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...

CVSS 8.1 | AI score 5.9 | EPSS 0.00037
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/23 12:0 a.m. | 2 views

PT-2026-27184

Name of the Vulnerable Software and Affected Versions: AVideo versions up to and including 26.0. Description: AVideo is an open source video platform. The remindMe.json.php endpoint passes the $_REQUEST['live_schedule_id'] variable through multiple functions without proper sanitization. This ultimatel...

CVSS 8.8 | AI score 5.9 | EPSS 0.00037
Exploits: 1 | References: 6

CNNVD
added 2026/03/23 12:0 a.m. | 4 views

WWBN AVideo SQL Injection Vulnerability

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the live_schedule_id parameter in the remindMe.json.php endpoint, which could...

CVSS 8.8 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 2

RedhatCVE
added 2025/11/25 3:35 a.m. | 5 views

CVE-2025-13581

A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument schedule_id leads to SQL injection. The attack may be launched remotely. The exploit is public...

CVSS 8.8 | AI score 7.1 | EPSS 0.00027
Exploits: 1 | References: 1

CVE
added 2025/11/24 3:32 a.m. | 9 views

CVE-2025-13581

Summary of CVE-2025-13581 (itsourcecode Student Information System 1.0): The vulnerability resides in an unknown functionality of the file /schedule_edit1.php where manipulating the argument schedule_id enables an SQL injection. It can be exploited remotely, and publicly available exploit materia...

CVSS 8.8 | AI score 6.8 | EPSS 0.00027
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/11/24 3:32 a.m. | 7 views

CVE-2025-13581 itsourcecode Student Information System schedule_edit1.php sql injection

A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument schedule_id leads to SQL injection. The attack may be launched remotely. The exploit is public...

CVSS 6.5 | EPSS 0.00027
Exploits: 1 | References: 5