CVE-2026-45731
Published: May 29, 2026
Modified: May 29, 2026
PUBLISHED
Description
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process.
| Vendor | Product | Versions |
|---|---|---|
| WWBN | AVideo | affected <= 29.0 |
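
A containment check for the `updateFile` parameter described above, written as an added example; it is not AVideo's code or the vendor's fix. The helper `resolveUpdateFile()` is hypothetical, it assumes migrations are `.sql` files sitting directly in `updatedb/`, and the demo files are constructed.

```php
<?php
// Added example, not AVideo's code. resolveUpdateFile() is a hypothetical helper.
// Assumption: valid migrations are *.sql files located directly in updatedb/.
function resolveUpdateFile(string $baseDir, string $requested): string
{
    // Allowlist a bare file name: no separators, no NUL bytes, fixed extension.
    if (!preg_match('/\A[A-Za-z0-9._-]+\.sql\z/', $requested)) {
        throw new InvalidArgumentException('not a bare .sql file name');
    }
    $base = realpath($baseDir);
    if ($base === false) {
        throw new InvalidArgumentException('migration directory missing');
    }
    // realpath() resolves "..", "." and symlinks; false means no such file.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        throw new InvalidArgumentException('no such migration');
    }
    // Containment: the resolved file must still sit directly in the base dir.
    if (dirname($real) !== $base) {
        throw new InvalidArgumentException('resolves outside updatedb/');
    }
    return $real; // only this resolved path should ever reach file()
}

// Constructed demo: throwaway updatedb/ with one migration and one symlink.
$root = sys_get_temp_dir() . '/updatedb-demo-' . bin2hex(random_bytes(4));
mkdir("$root/updatedb", 0700, true);
file_put_contents("$root/updatedb/updateDb.v1.sql", "SELECT 1;\n");
file_put_contents("$root/secret.txt", "not a migration\n");
symlink("$root/secret.txt", "$root/updatedb/link.sql");

$inputs = ['updateDb.v1.sql', '../secret.txt', 'link.sql', 'missing.sql'];
foreach ($inputs as $name) {
    try {
        $path = resolveUpdateFile("$root/updatedb", $name);
        echo $name, ' => accepted: ', basename($path), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $name, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The symlink case shows why the name allowlist alone is not enough: `link.sql` passes the pattern but resolves outside the directory, so the `realpath()` comparison is what rejects it.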
Weaknesses (CWE)
References
https://github.com/WWBN/AVideo/security/advisories/GHSA-3mjv-375j-6h92
x_refsource_CONFIRM