CVE-2026-41064

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.1

Description An incomplete fix in the 'test.php' file allows for unsanitized input. While the wget path was secured using escapeshellarg, the file get contents and curl code paths remain unsanitized. Additionally, the URL validation regular expression /^http/ is insufficient as it accepts strings such as 'httpevil[.]com'.

Recommendations Update to a version that includes commit 78bccae74634ead68aa6528d631c9ec4fd7aa536.