Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-33039

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL(), but only checks the initial URL. When the initial URL responds with an HTTP redirect (Location header), the redirect target is fetched via fakeBrowser() without re-validation, allowing an attacker to reach internal services (cloud metadata, RFC1918 addresses) through an attacker-controlled redirect. This issue is fixed in version 26.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.7%
CVSS Severity
CVSS v3 Score 8.6
Products affected by CVE-2026-33039
  • Wwbn » Avideo » Version: N/A
    cpe:2.3:a:wwbn:avideo:-
  • Wwbn » Avideo » Version: 10.1
    cpe:2.3:a:wwbn:avideo:10.1
  • Wwbn » Avideo » Version: 10.2
    cpe:2.3:a:wwbn:avideo:10.2
  • Wwbn » Avideo » Version: 10.4
    cpe:2.3:a:wwbn:avideo:10.4
  • Wwbn » Avideo » Version: 10.8
    cpe:2.3:a:wwbn:avideo:10.8
  • Wwbn » Avideo » Version: 11
    cpe:2.3:a:wwbn:avideo:11
  • Wwbn » Avideo » Version: 11.1
    cpe:2.3:a:wwbn:avideo:11.1
  • Wwbn » Avideo » Version: 11.1.1
    cpe:2.3:a:wwbn:avideo:11.1.1
  • Wwbn » Avideo » Version: 11.5
    cpe:2.3:a:wwbn:avideo:11.5
  • Wwbn » Avideo » Version: 11.6
    cpe:2.3:a:wwbn:avideo:11.6
  • Wwbn » Avideo » Version: 12.4
    cpe:2.3:a:wwbn:avideo:12.4
  • Wwbn » Avideo » Version: 14.2
    cpe:2.3:a:wwbn:avideo:14.2
  • Wwbn » Avideo » Version: 14.3
    cpe:2.3:a:wwbn:avideo:14.3
  • Wwbn » Avideo » Version: 14.3.1
    cpe:2.3:a:wwbn:avideo:14.3.1
  • Wwbn » Avideo » Version: 14.4
    cpe:2.3:a:wwbn:avideo:14.4
  • Wwbn » Avideo » Version: 2.2
    cpe:2.3:a:wwbn:avideo:2.2
  • Wwbn » Avideo » Version: 2.4
    cpe:2.3:a:wwbn:avideo:2.4
  • Wwbn » Avideo » Version: 2.7
    cpe:2.3:a:wwbn:avideo:2.7
  • Wwbn » Avideo » Version: 3.4
    cpe:2.3:a:wwbn:avideo:3.4
  • Wwbn » Avideo » Version: 3.4.1
    cpe:2.3:a:wwbn:avideo:3.4.1
  • Wwbn » Avideo » Version: 4.0
    cpe:2.3:a:wwbn:avideo:4.0
  • Wwbn » Avideo » Version: 4.0.1
    cpe:2.3:a:wwbn:avideo:4.0.1
  • Wwbn » Avideo » Version: 4.0.2
    cpe:2.3:a:wwbn:avideo:4.0.2
  • Wwbn » Avideo » Version: 5.0
    cpe:2.3:a:wwbn:avideo:5.0
  • Wwbn » Avideo » Version: 6.5
    cpe:2.3:a:wwbn:avideo:6.5
  • Wwbn » Avideo » Version: 7.2
    cpe:2.3:a:wwbn:avideo:7.2
  • Wwbn » Avideo » Version: 7.3
    cpe:2.3:a:wwbn:avideo:7.3
  • Wwbn » Avideo » Version: 7.4
    cpe:2.3:a:wwbn:avideo:7.4
  • Wwbn » Avideo » Version: 7.5
    cpe:2.3:a:wwbn:avideo:7.5
  • Wwbn » Avideo » Version: 7.6
    cpe:2.3:a:wwbn:avideo:7.6
  • Wwbn » Avideo » Version: 7.7
    cpe:2.3:a:wwbn:avideo:7.7
  • Wwbn » Avideo » Version: 7.8
    cpe:2.3:a:wwbn:avideo:7.8
  • Wwbn » Avideo » Version: 8.1
    cpe:2.3:a:wwbn:avideo:8.1
  • Wwbn » Avideo » Version: 8.5
    cpe:2.3:a:wwbn:avideo:8.5
  • Wwbn » Avideo » Version: 8.6
    cpe:2.3:a:wwbn:avideo:8.6
  • Wwbn » Avideo » Version: 8.7
    cpe:2.3:a:wwbn:avideo:8.7
  • Wwbn » Avideo » Version: 8.9
    cpe:2.3:a:wwbn:avideo:8.9
  • Wwbn » Avideo » Version: 8.9.1
    cpe:2.3:a:wwbn:avideo:8.9.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved