AVideo Authorization Bypass Vulnerability Allowing Unauthorized Image Uploads on Comments

Vulnerability

A vulnerability in AVideo versions prior to 20.0 allows any authenticated user to upload comment images to videos belonging to other users. While the upload endpoint verifies authentication, it fails to check video ownership. This oversight enables unauthorized image uploads to arbitrary videos.
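
The gap described above, as an added example (not AVideo's code and not its 20.0 patch): a PHP handler that checks only authentication, next to one that also checks ownership of the target video. The function names, the video_id parameter, the status codes and the in-memory owner table are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: video id => owner's user id (not AVideo's schema).
const VIDEO_OWNERS = [101 => 1, 102 => 2];

/**
 * "Before" shape described in the advisory: the handler only checks that a
 * session exists, then accepts the upload for whatever video id was sent.
 */
function handleUploadAuthOnly(?int $sessionUserId, array $request): int
{
    if ($sessionUserId === null) {
        return 401; // not logged in
    }
    return 200; // accepted: ownership of $request['video_id'] is never checked
}

/**
 * Hardened shape: authenticate, validate the id, look the video up server-side,
 * then compare its owner with the session user before storing anything.
 */
function handleUploadWithOwnership(?int $sessionUserId, array $request): int
{
    if ($sessionUserId === null) {
        return 401;
    }
    $videoId = filter_var($request['video_id'] ?? null, FILTER_VALIDATE_INT);
    if ($videoId === false || !array_key_exists($videoId, VIDEO_OWNERS)) {
        return 404; // malformed or unknown video id
    }
    if (VIDEO_OWNERS[$videoId] !== $sessionUserId) {
        return 403; // authenticated, but not the owner of this video
    }
    return 200; // the upload would be stored only at this point
}

// Constructed cases: [session user id, request parameters].
$cases = [
    'owner'     => [1, ['video_id' => '101']],
    'non-owner' => [1, ['video_id' => '102']],
    'anonymous' => [null, ['video_id' => '101']],
    'bad id'    => [2, ['video_id' => '102 OR 1']],
];
foreach ($cases as $label => [$user, $req]) {
    printf("%-10s auth-only=%d with-ownership=%d\n", $label,
        handleUploadAuthOnly($user, $req), handleUploadWithOwnership($user, $req));
}
```

The owner is taken from the server-side record and the user from the session, never from request parameters, so the comparison cannot be influenced by the caller.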

Impact

Exploitation of this vulnerability could lead to unauthorized image uploads on videos, potentially allowing for the distribution of inappropriate or harmful content.

Reproduction

To reproduce this vulnerability, an authenticated user can upload comment images to videos owned by other users. The upload will be accepted without any ownership verification, allowing images to be added to videos arbitrarily.

Remediation

Users are advised to update to AVideo version 20.0 or later, where this vulnerability has been addressed.

Added: Dec 17, 2025, 8:30 PM
Updated: Dec 17, 2025, 8:30 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.4
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.