CVE-2026-33293 | WWBN AVideo up to 25.x cloneServer.json.php unlink deleteDump path traversal

Inserito da Angelo Barbosa | Mar 22, 2026 | CVE

A vulnerability has been found in WWBN AVideo up to 25.x and classified as critical. Impacted is the function unlink of the file plugin/CloneSite/cloneServer.json.php. Performing a manipulation of the argument deleteDump results in path traversal.

This vulnerability is reported as CVE-2026-33293. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-33293 | WWBN AVideo up to 25.x cloneServer.json.php unlink deleteDump path traversal

Post correlati

CVE-2025-0412 | Luxion KeyShot Viewer 12.1.1.11 KSP File Parser memory corruption (ZDI-23-1716)

CVE-2024-22358 | IBM UrbanCode Deploy/DevOps Deploy session expiration (XFDB-280896)

CVE-2023-28738 | Intel NUC BIOS prior JY0070 input validation (intel-sa-01009)

CVE-2024-44849 | Qualitor up to 8.24 checkAcesso.php unrestricted upload