CVE-2026-33681 | WWBN AVideo up to 26.0 Parameter pluginRunDatabaseScript.json.php getDatabaseFileName path traversal

Inserito da Angelo Barbosa | Mar 23, 2026 | CVE

A vulnerability labeled as critical has been found in WWBN AVideo up to 26.0. Affected by this vulnerability is the function Plugin::getDatabaseFileName of the file objects/pluginRunDatabaseScript.json.php of the component Parameter Handler. The manipulation of the argument Name results in path traversal.

This vulnerability is reported as CVE-2026-33681. The attack can be launched remotely. No exploit exists.

It is advisable to implement a patch to correct this issue.

CVE-2026-33681 | WWBN AVideo up to 26.0 Parameter pluginRunDatabaseScript.json.php getDatabaseFileName path traversal

Post correlati

CVE-2024-57097 | ClassCMS 4.8 class/admin/channel.php cross site scripting

CVE-2024-43479 | Microsoft Power Automate for Desktop access control

CVE-2024-11252 | Social Sharing Plugin up to 3.3.69 on WordPress heateor_mastodon_share cross site scripting

CVE-2026-2823 | Comfast CF-E7 2.6.0.9 webmggnt mbox-config?method=SET&section=ntp_timezone sub_41ACCC timestr command injection