CVE-2026-63305info

Zusammenfassung

von MITRE • 16.07.2026

AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Attackers who can craft a valid encrypted payload can inject arbitrary shell metacharacters into these fields to execute OS commands as the web-server user.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Veröffentlichung

16.07.2026

Moderieren

wird geprüft

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you want to use VulDB in your project?

Use the official API to access entries easily!