CVE-2026-45731
Local File Read in WWBN AVideo via Path Traversal
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wwbn | avideo | 29.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authenticated administrator to read arbitrary files accessible to the web server process, including potentially sensitive configuration or data files if they are improperly stored within the web directory.
This arbitrary file read can lead to exposure of sensitive information, which may include personal data or credentials, thereby increasing the risk of non-compliance with data protection regulations such as GDPR or HIPAA.
If sensitive files containing personal or protected health information are exposed due to this vulnerability, organizations using the affected software could face compliance violations, data breaches, and associated legal or regulatory consequences.
Can you explain this vulnerability to me?
The CVE-2026-45731 vulnerability is an authenticated arbitrary file read issue in the AVideo software. It exists in the view/update.php file, where an authenticated administrator can exploit a path traversal vulnerability by submitting a specially crafted updateFile parameter via a POST request.
The script concatenates this input directly into a file path without proper sanitization, allowing the attacker to read arbitrary files accessible to the web server process. This happens because the file() function is used to read the contents of the specified file, which are then echoed back in the response.
This vulnerability affects all versions of AVideo where the vulnerable code pattern exists in view/update.php, and no patch is available as of the advisory date.
How can this vulnerability impact me? :
An authenticated administrator can abuse this vulnerability to read arbitrary text files reachable from the web-server process. This can lead to exposure of sensitive information if files such as /etc/passwd or .env are accessible within the web directory structure.
Such unauthorized file access can compromise system security, leak credentials or configuration details, and potentially aid further attacks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable code pattern in the file `view/update.php` of the AVideo software, specifically looking for the use of the `file()` function on the `$_POST['updateFile']` parameter without proper sanitization.
To detect exploitation attempts on your network or system, you can monitor HTTP POST requests to `view/update.php` that include the `updateFile` parameter with suspicious path traversal strings such as `../`.
Example commands to detect such attempts in web server logs (assuming Apache logs):
- grep -i 'POST /view/update.php' /var/log/apache2/access.log | grep 'updateFile='
- grep -E '\.\./' /var/log/apache2/access.log | grep 'updateFile='
Additionally, you can use tools like curl to test if the vulnerability exists by sending a crafted POST request as an authenticated administrator, for example:
- curl -X POST -d 'updateFile=../../../../etc/passwd' -b 'auth_cookie=your_auth_cookie' https://your-avideo-instance/view/update.php
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the `view/update.php` endpoint to only trusted administrators and ensuring that only authenticated users with proper privileges can reach this script.
Since there is no patch available as of the advisory date, you should consider implementing input validation or sanitization on the `updateFile` parameter to prevent path traversal.
As a temporary workaround, you can restrict the web server's file system permissions to prevent access to sensitive files from the web server process.
Monitoring and logging access attempts to detect exploitation attempts is also recommended.
Finally, keep track of updates from the vendor for any patches or fixes addressing this vulnerability.