Main Vulnerability Database Exploits ID:12659 - Exploit for Improper Verification of Source of a Communication Channel in AVideo

ID:12659 - Exploit for Improper Verification of Source of a Communication Channel in AVideo

Published: April 28, 2026

Vulnerability identifier: #VU128351

Vulnerability risk: Medium

CVE-ID: N/A

CWE-ID: CWE-940

Exploitation vector: Remote access

Vulnerable software:
AVideo

Link to public exploit:

https://github.com/WWBN/AVideo/security/advisories/GHSA-5hgj-7gm9-cff5/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper verification of source of a communication channel within sendEmail.json.php. A remote attacker can send arbitrary email and perform phishing attack with the site's real sender identity.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:12659 - Exploit for Improper Verification of Source of a Communication Channel in AVideo

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human