CVE-2026-63305정보

요약

\~에 의해 MITRE • 2026. 07. 16.

AVideo through 29.0 contains an OS command injection vulnerability in the ffmpeg.json.php endpoint where notifyCode and callback parameters are concatenated into a shell command without escaping. Attackers who can craft a valid encrypted payload can inject arbitrary shell metacharacters into these fields to execute OS commands as the web-server user.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

출처

Want to know what is going to be exploited?

We predict KEV entries!