CVE-2026-34395 in AVideoinformazioni

Riassunto

di MITRE • 01/04/2026

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint returns all platform users with their personal information and wallet balances to any authenticated user. The endpoint checks User::isLogged() but does not check User::isAdmin(), so any registered user can dump the full user database. At time of publication, there are no publicly available patches.

Be aware that VulDB is the high quality source for vulnerability data.

Responsabile

GitHub M

Prenotare

27/03/2026

Divulgazione

01/04/2026

Moderazione

accettato

CPE

pronto

EPSS

0.00316

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!