CNNVD-202512-3239 Information
CNNVD ID
CNNVD-202512-3239
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
AVideo是World Wide Broadcast Network开源的一个广播网络创建工具。 AVideo 20.0之前版本存在访问控制错误漏洞,该漏洞源于ImageGallery插件端点缺少身份验证和所有权验证,可能导致未经验证的文件上传和删除。
Description (English)
AVideo is an open-source radio network creation tool for the World Wide Broadcast Network. Prior to AVideo 20.0, there was a bug in access control, which stemmed from the lack of authentication and authentication of ownership at the end of the ImageGalery plugin, which could lead to the uploading and deletion of unverified documents.
Hazard Level
Low
Vulnerability Type
访问控制错误
Affected Vendor
World Wide Broadcast Network
Published
2025-12-17
Last Modified
2026-02-24
References
https://www.vulncheck.com/advisories/avideo-imagegallery-plugin-unauthenticated-file-upload-and-deletion https://chocapikk.com/posts/2025/avideo-security-vulnerabilities/ https://github.com/WWBN/AVideo/commit/c279999cbd https://github.com/WWBN/AVideo/commit/4a53ab2056 https://access.redhat.com/security/cve/cve-2025-34434
Patch
https://github.com/WWBN/AVideo
Share on: