5.3
/ 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die() statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP addresses, session IDs, and user agents to unauthenticated visitors.
Basic Information
ID
CVE-2026-35449
Source
GitHub_M
Published
Apr 6, 2026 at 21:46
Modified
Apr 7, 2026 at 13:28
Affected Product
Vendor
WWBN
Product
AVideo
Version
<= 26.0
Affected Versions
WWBN AVideo <= 26.0