CVE-2026-33651 AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes $REQUEST'livescheduleid' through multiple functions without sanitization until it reaches Schedulercommands::getAllActiveOrToRepeat, which directly concatenates it into a SQL...