Main Vulnerability Database Exploits ID:12664 - Exploit for Server-Side Request Forgery (SSRF) in AVideo

ID:12664 - Exploit for Server-Side Request Forgery (SSRF) in AVideo

Published: April 28, 2026

Vulnerability identifier: #VU128346

Vulnerability risk: Low

CVE-ID: N/A

CWE-ID: CWE-918

Exploitation vector: Remote access

Vulnerable software:
AVideo

Link to public exploit:

https://github.com/WWBN/AVideo/security/advisories/GHSA-wp38-whx3-xffh/#poc

Vulnerability description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in YPTWallet donation webhook within isSSRFSafeURL() function. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:12664 - Exploit for Server-Side Request Forgery (SSRF) in AVideo

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human