CVE-2026-45731
Analyzed Analyzed - Analysis Complete

Local File Read in WWBN AVideo via Path Traversal

Vulnerability report for CVE-2026-45731, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-29
Last Modified
2026-06-01
Generated
2026-07-09
AI Q&A
2026-05-29
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wwbn avideo to 29.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The CVE-2026-45731 vulnerability is an authenticated arbitrary file read issue in the AVideo software. It exists in the view/update.php file, where an authenticated administrator can exploit a path traversal vulnerability by submitting a specially crafted updateFile parameter via a POST request.

The script concatenates this input directly into a file path without proper sanitization, allowing the attacker to read arbitrary files accessible to the web server process. This happens because the file() function is used to read the contents of the specified file, which are then echoed back in the response.

This vulnerability affects all versions of AVideo where the vulnerable code pattern exists in view/update.php, and no patch is available as of the advisory date.

Impact Analysis

An authenticated administrator can abuse this vulnerability to read arbitrary text files reachable from the web-server process. This can lead to exposure of sensitive information if files such as /etc/passwd or .env are accessible within the web directory structure.

Such unauthorized file access can compromise system security, leak credentials or configuration details, and potentially aid further attacks.

Detection Guidance

This vulnerability can be detected by checking for the presence of the vulnerable code pattern in the file `view/update.php` of the AVideo software, specifically looking for the use of the `file()` function on the `$_POST['updateFile']` parameter without proper sanitization.

To detect exploitation attempts on your network or system, you can monitor HTTP POST requests to `view/update.php` that include the `updateFile` parameter with suspicious path traversal strings such as `../`.

Example commands to detect such attempts in web server logs (assuming Apache logs):

  • grep -i 'POST /view/update.php' /var/log/apache2/access.log | grep 'updateFile='
  • grep -E '\.\./' /var/log/apache2/access.log | grep 'updateFile='

Additionally, you can use tools like curl to test if the vulnerability exists by sending a crafted POST request as an authenticated administrator, for example:

  • curl -X POST -d 'updateFile=../../../../etc/passwd' -b 'auth_cookie=your_auth_cookie' https://your-avideo-instance/view/update.php
Mitigation Strategies

Immediate mitigation steps include restricting access to the `view/update.php` endpoint to only trusted administrators and ensuring that only authenticated users with proper privileges can reach this script.

Since there is no patch available as of the advisory date, you should consider implementing input validation or sanitization on the `updateFile` parameter to prevent path traversal.

As a temporary workaround, you can restrict the web server's file system permissions to prevent access to sensitive files from the web server process.

Monitoring and logging access attempts to detect exploitation attempts is also recommended.

Finally, keep track of updates from the vendor for any patches or fixes addressing this vulnerability.

Compliance Impact

The vulnerability allows an authenticated administrator to read arbitrary files accessible to the web server process, including potentially sensitive configuration or data files if they are improperly stored within the web directory.

This arbitrary file read can lead to exposure of sensitive information, which may include personal data or credentials, thereby increasing the risk of non-compliance with data protection regulations such as GDPR or HIPAA.

If sensitive files containing personal or protected health information are exposed due to this vulnerability, organizations using the affected software could face compliance violations, data breaches, and associated legal or regulatory consequences.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45731. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart