AVideo Insecure Direct Object Reference Vulnerability Allowing Arbitrary File Upload

Vulnerability

A vulnerability in AVideo versions prior to 20.0 allows authenticated users to upload files to directories of other users, due to an insecure direct object reference. While the upload feature checks for user authentication, it fails to verify ownership of the directories where files are being uploaded.
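
The flaw described above, shown as an added PHP illustration (AVideo is a PHP application). This is not AVideo's source code: the function names, directory identifiers and owner table are hypothetical and constructed for the example, which contrasts an authentication-only check with one that also verifies ownership of the target directory.

```php
<?php
// Added illustration; not AVideo source code. All names and data are hypothetical.

// Constructed sample data: upload directory id => owning user id.
const DIRECTORY_OWNERS = [
    'dir_alice' => 101,
    'dir_bob'   => 102,
];

// Flawed pattern described in the advisory: authentication only.
function canUploadAuthOnly(?int $sessionUserId, string $targetDir): bool
{
    return $sessionUserId !== null;   // any logged-in user passes, $targetDir is ignored
}

// Corrected pattern: authentication plus ownership of the target directory.
function canUploadWithOwnership(?int $sessionUserId, string $targetDir): bool
{
    if ($sessionUserId === null) {
        return false;                                  // not authenticated
    }
    if (!array_key_exists($targetDir, DIRECTORY_OWNERS)) {
        return false;                                  // unknown directory: deny by default
    }
    // The owner is looked up server-side, never taken from the request.
    return DIRECTORY_OWNERS[$targetDir] === $sessionUserId;
}

// Constructed requests: [session user id, client-supplied directory id].
$requests = [
    [101, 'dir_alice'],    // owner uploading to own directory
    [101, 'dir_bob'],      // authenticated, but someone else's directory
    [null, 'dir_alice'],   // unauthenticated
    [102, 'dir_missing'],  // directory id that does not exist
];

foreach ($requests as [$userId, $dir]) {
    printf(
        "user=%s dir=%s auth_only=%s ownership=%s\n",
        $userId ?? 'none',
        $dir,
        canUploadAuthOnly($userId, $dir) ? 'allow' : 'deny',
        canUploadWithOwnership($userId, $dir) ? 'allow' : 'deny'
    );
}
```

The second and fourth requests are the cases that separate the two checks: the authentication-only check allows both, while the ownership check denies them.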

Impact

This vulnerability could lead to unauthorized access to user files or directories, potentially allowing for the manipulation or deletion of user data.

Remediation

Users can update to AVideo version 20.0 or later, where this vulnerability has been addressed.

Added: Dec 17, 2025, 8:31 PM
Updated: Dec 17, 2025, 8:31 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 1.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.