CVE-2026-28501 - WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/vi...

CVE ID : CVE-2026-28501 Published : March 6, 2026, 3:05 a.m. | 44 minutes ago Description : WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and merged into $_REQUEST after global security checks are executed, the payload bypasses the existing sanitization mechanisms. This issue has been patched in version 24.0. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...