CVE-2026-33038 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfigurat…
High CVSS: 8.1

CVE-2026-33038

WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfiguration.php performs full application initialization: database setup, admin account creation, and configuration file write, all from an unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized deployments, any remote attacker can complete the installation with attacker-controlled credentials and an attacker-controlled database, gaining full administrative access. This issue has been fixed in version 26.0.
Vendor
Wwbn
Product
Avideo
CWE
CWE-306
Yayın Tarihi
2026-03-20 06:16:11
Güncelleme
2026-03-23 16:24:08
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-306 Avideo HIGH Wwbn 2026

Referanslar

https://github.com/WWBN/AVideo/commit/b3fa7869dcb935c8ab5c001a88dc29d2f92cf8e1 https://github.com/WWBN/AVideo/security/advisories/GHSA-2f9h-23f7-8gcx https://github.com/WWBN/AVideo/security/advisories/GHSA-2f9h-23f7-8gcx