CNNVD-202512-3236 Information
CNNVD ID
CNNVD-202512-3236
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 20.0之前版本存在安全漏洞,该漏洞源于端点缺少所有权检查,可能导致经过身份验证的用户向其他用户的视频上传评论图片。
Description (English)
AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. Prior to AVideo 20.0, there was a security loophole, which stemmed from the lack of ownership checks at the endpoint, which could lead to the uploading of video comment pictures to other users by identity-certified users.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
World Wide Broadcast Network
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/WWBN/AVideo/commit/d411f91805 https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://www.vulncheck.com/advisories/avideo-idor-arbitrary-comment-image-upload https://github.com/WWBN/AVideo/commit/4a53ab2056 https://access.redhat.com/security/cve/cve-2025-34437
Patch
https://github.com/WWBN/AVideo
Share on: