11 matches found
CVE-2026-41060
WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain short-circuit (lines 4290-4296) that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...
CVE-2026-33351
WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode (the intended configuration for this file), the...
Server-side Request Forgery (SSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the webSiteRootURL parameter in the saveDVR.json.php endpoint. An attacker can cause the server to make arbitrary HTTP request...
PT-2024-39938 · Team+ · Team+
Name of the Vulnerable Software and Affected Versions: Team+ versions 13.5.x Description: The issue arises from the improper validation of a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access the...
GHSA-2XPQ-XP6C-5MGJ Contao affected by insert tag injection via canonical URL
Impact: It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered. Patches: Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds: Disable canonical tags in the settings of the website root page. References...
CVE-2022-26675
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory...
CVE-2022-26675 aEnrich a+HRD - Path Traversal
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory...
aEnrich a+HRD Path Traversal Vulnerability
aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from insufficient filtering of special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform a path traversal...
CVE-2022-26675
aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under website root directory...
SchoolCMS v2.3.1 Arbitrary File Deletion Vulnerability
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS v2.3.1 suffers from an arbitrary file deletion vulnerability. An attacker can use the vulnerability to delete any folder in the root directory of a website or the root directory of a website...
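EspCMS Admin Login Bypass Vulnerability Exploited Again (Exploited Again!)
Brief description: To be clear, this vulnerability was submitted to the 360 vulnerability platform on 04/13, and the vendor then fixed it on 04/22. What is being submitted to wooyun now is a method that bypasses the vendor's fix and continues the exploitation. It can be considered an old vulnerability brought back from the dead and should not count as the same vulnerability submitted to two places; I hope the relevant departments can understand this, even though the code is very similar. Detailed description:...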