CVE-2026-34395 in AVideoinformation

Résumé (Anglaise)

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and wallet balances to any authenticated user. The endpoint checks User::isLogged() but does not check User::isAdmin(), so any registered user can dump the full user database. At time of publication, there are no publicly available patches.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

GitHub_M

Réserver

27/03/2026

Divulgation

01/04/2026

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
354512	WWBN AVideo Endpoint isLogged élévation de privilèges	862	Non défini	Non défini	CVE-2026-34395

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!