AVideo contains Command injection when embedding a video link
Impact:
An attacker could execute remote code on a system running wwbn/avideo
Step to Reproduce:
- Go to the
My Videostab
https://demo.avideo.com/mvideos
- Click "Embed a video link"
Append a command to the url as a query string. eg. ?whoami
then click Save
This issue has been resolved in commit 236228f15
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime