{“lastseen”:””,”description”:”AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.”,”published”:”2025-12-17T19:50:12.666Z”,”modified”:”2025-12-17T19:50:12.666Z”,”type”:”cve”,”title”:”AVideo \\u003c 20.0 IDOR Arbitrary File Upload”,”source”:”VulnCheck”,”references”:”https:\/\/github.com\/WWBN\/AVideo\/commit\/4a53ab2056\\nhttps:\/\/github.com\/WWBN\/AVideo\/commit\/c279999cbd\\nhttps:\/\/www.vulncheck.com\/advisories\/avideo-idor-arbitrary-file-upload”,”id”:”CVE-2025-34436″,”bulletinFamily”:””,”cwe”:[“CWE-639″],”cvelist”:null,”sourceData”:”World Wide Broadcast Network AVideo 0″,”sourceHref”:””,”cvss”:{“score”:8.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”AVideo”,”version”:”0″,”vendor”:”World Wide Broadcast Network”,”ai_description”:”Insecure direct object reference vulnerability allowing authenticated users to upload files into other users’ directories”,”ai_severity”:”High”,”ai_vendor”:”World Wide Broadcast Network”,”ai_product”:”AVideo”,”ai_version”:”\\u003c 20.0″,”ai_score”:8.7}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,19,12,15,13,7,11,5],"class_list":["post-31599","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-87","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n