CVE-2026-45731
WWBN AVideo: Authenticated Arbitrary File Read in view/update.php
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process.
| CWE | CWE-22 |
| Vendor | wwbn |
| Product | avideo |
| Published | May 29, 2026 |
| Last Updated | May 29, 2026 |
Stay Ahead of the Next One
Get instant alerts for wwbn avideo
Be the first to know when new unknown vulnerabilities affecting wwbn avideo are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
WWBN / AVideo
<= 29.0