Description
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/WWBN/AVideo/security/advisories/GHSA-xq8j-fhg5-hr39
Vendor Advisory x_refsource_misc
https://avideo.tube/
Scores
CVSS v3
7.7
EPSS
0.0027
EPSS Percentile
50.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Details
CWE
CWE-863
Status
published
Products (1)
wwbn/avideo
< 10.2
Published
Feb 01, 2021
Tracked Since
Feb 18, 2026