PT-2026-34062 · Wwbn · Avideo
Published
2026-04-14
·
Updated
2026-04-27
·
CVE-2026-40908
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WWBN AVideo versions 29.0 and earlier
Description
The file 'git.json.php' located at the web root executes the
git log -1 command and returns the full output as JSON to unauthenticated users. This leads to the exposure of the deployed commit hash, developer names, email addresses, and commit messages, which may contain references to internal systems or security fixes.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avideo