PT-2026-27167 · Unknown+1 · Url2Embed.Json.Php+1
Ahmad-Jarwan
Published: 2026-03-20 · Updated: 2026-03-23
CVE-2026-33512
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AVideo versions prior to 26.1
Description
AVideo is an open source video platform. Versions up to and including 26.0 have an API plugin that exposes a decryptString action without authentication. This allows anyone to submit ciphertext and receive plaintext. The ciphertext is publicly available, for example, through the /view/url2Embed.json.php endpoint, enabling unauthorized recovery of protected tokens and metadata.
Recommendations
Update to version 26.1 or later.
Exploit
Fix
Improper Authentication
Inadequate Encryption Strength
Cleartext Storage of Sensitive Information
Use of a Broken Cryptographic Algorithm
Affected products
Avideo
Url2Embed.Json.Php