CVE-2026-45578 | WWBN AVideo up to 29.0 on_publish.php execAsync users_id os command injection (GHSA-xw67-cg5f-4m2r)

A vulnerability marked as critical has been reported in WWBN AVideo up to 29.0. This issue affects the function execAsync of the file plugin/Live/on_publish.php. The manipulation of the argument users_id leads to os command injection.

This vulnerability is uniquely identified as CVE-2026-45578. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More