WWBN AVideo 跨站请求伪造漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF protection and MIME validation in the objects/userSavePhoto.php...