Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_settings_nativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with SameSite=None cookie policy, a cross-origin POST can overwrite the platform's logo with attacker-controlled content.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.3%
CVSS Severity
CVSS v3 Score 4.3
Products affected by CVE-2026-35180
  • Wwbn » Avideo » Version: N/A
    cpe:2.3:a:wwbn:avideo:-
  • Wwbn » Avideo » Version: 10.1
    cpe:2.3:a:wwbn:avideo:10.1
  • Wwbn » Avideo » Version: 10.2
    cpe:2.3:a:wwbn:avideo:10.2
  • Wwbn » Avideo » Version: 10.4
    cpe:2.3:a:wwbn:avideo:10.4
  • Wwbn » Avideo » Version: 10.8
    cpe:2.3:a:wwbn:avideo:10.8
  • Wwbn » Avideo » Version: 11
    cpe:2.3:a:wwbn:avideo:11
  • Wwbn » Avideo » Version: 11.1
    cpe:2.3:a:wwbn:avideo:11.1
  • Wwbn » Avideo » Version: 11.1.1
    cpe:2.3:a:wwbn:avideo:11.1.1
  • Wwbn » Avideo » Version: 11.5
    cpe:2.3:a:wwbn:avideo:11.5
  • Wwbn » Avideo » Version: 11.6
    cpe:2.3:a:wwbn:avideo:11.6
  • Wwbn » Avideo » Version: 12.4
    cpe:2.3:a:wwbn:avideo:12.4
  • Wwbn » Avideo » Version: 14.2
    cpe:2.3:a:wwbn:avideo:14.2
  • Wwbn » Avideo » Version: 14.3
    cpe:2.3:a:wwbn:avideo:14.3
  • Wwbn » Avideo » Version: 14.3.1
    cpe:2.3:a:wwbn:avideo:14.3.1
  • Wwbn » Avideo » Version: 14.4
    cpe:2.3:a:wwbn:avideo:14.4
  • Wwbn » Avideo » Version: 2.2
    cpe:2.3:a:wwbn:avideo:2.2
  • Wwbn » Avideo » Version: 2.4
    cpe:2.3:a:wwbn:avideo:2.4
  • Wwbn » Avideo » Version: 2.7
    cpe:2.3:a:wwbn:avideo:2.7
  • Wwbn » Avideo » Version: 3.4
    cpe:2.3:a:wwbn:avideo:3.4
  • Wwbn » Avideo » Version: 3.4.1
    cpe:2.3:a:wwbn:avideo:3.4.1
  • Wwbn » Avideo » Version: 4.0
    cpe:2.3:a:wwbn:avideo:4.0
  • Wwbn » Avideo » Version: 4.0.1
    cpe:2.3:a:wwbn:avideo:4.0.1
  • Wwbn » Avideo » Version: 4.0.2
    cpe:2.3:a:wwbn:avideo:4.0.2
  • Wwbn » Avideo » Version: 5.0
    cpe:2.3:a:wwbn:avideo:5.0
  • Wwbn » Avideo » Version: 6.5
    cpe:2.3:a:wwbn:avideo:6.5
  • Wwbn » Avideo » Version: 7.2
    cpe:2.3:a:wwbn:avideo:7.2
  • Wwbn » Avideo » Version: 7.3
    cpe:2.3:a:wwbn:avideo:7.3
  • Wwbn » Avideo » Version: 7.4
    cpe:2.3:a:wwbn:avideo:7.4
  • Wwbn » Avideo » Version: 7.5
    cpe:2.3:a:wwbn:avideo:7.5
  • Wwbn » Avideo » Version: 7.6
    cpe:2.3:a:wwbn:avideo:7.6
  • Wwbn » Avideo » Version: 7.7
    cpe:2.3:a:wwbn:avideo:7.7
  • Wwbn » Avideo » Version: 7.8
    cpe:2.3:a:wwbn:avideo:7.8
  • Wwbn » Avideo » Version: 8.1
    cpe:2.3:a:wwbn:avideo:8.1
  • Wwbn » Avideo » Version: 8.5
    cpe:2.3:a:wwbn:avideo:8.5
  • Wwbn » Avideo » Version: 8.6
    cpe:2.3:a:wwbn:avideo:8.6
  • Wwbn » Avideo » Version: 8.7
    cpe:2.3:a:wwbn:avideo:8.7
  • Wwbn » Avideo » Version: 8.9
    cpe:2.3:a:wwbn:avideo:8.9
  • Wwbn » Avideo » Version: 8.9.1
    cpe:2.3:a:wwbn:avideo:8.9.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved