CVE-2026-33351 | WWBN AVideo up to 25.x saveDVR.json.php file_get_contents webSiteRootURL server-side request forgery (GHSA-5f7v-4f6g-74rj)

A vulnerability labeled as critical has been found in WWBN AVideo up to 25.x. Affected is the function file_get_contents of the file plugin/Live/standAloneFiles/saveDVR.json.php. Executing a manipulation of the argument webSiteRootURL can lead to server-side request forgery.

This vulnerability is handled as CVE-2026-33351. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More