2 matches found
CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...
CVE-2026-40909
creationtimestamp| type| source ---|---|--- 2026-04-13 12:19:46+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-6rc6-p838-686f 2026-04-21 21:27:33+00:00| published-proof-of-concept| Telegram/PLPaRbcJDaPiLP6CzuoYppan71AlFD-MBdwXLbLZgMJCSE 2026-04-23...