CVE-2026-33025
- EPSS 0.03%
- Published 20.03.2026 05:02:09
- Last modified 24.03.2026 16:32:11
AVideo is a video-sharing platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost() method of Object.php. The $_POST['sort'] array keys are used directly as SQL column identifiers inside an ORDER BY clause. Althoug...
CVE-2026-33024
- EPSS 0.08%
- Published 20.03.2026 04:58:47
- Last modified 24.03.2026 16:41:02
AVideo is a video-sharing platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability (CWE-918) in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode...
CVE-2026-29058
- EPSS 50.86%
- Published 06.03.2026 07:16:02
- Last modified 10.03.2026 19:14:24
AVideo is a video-sharing platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server comp...