Main Vulnerability Database Vulnerabilities #VU128351

Improper Verification of Source of a Communication Channel in AVideo - #VU128351

Published: April 28, 2026 / Updated: April 28, 2026

Vulnerability identifier: #VU128351

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: N/A

CWE-ID: CWE-940

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: World Wide Broadcast Network

Affected software:
AVideo

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper verification of source of a communication channel within sendEmail.json.php. A remote attacker can send arbitrary email and perform phishing attack with the site's real sender identity.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://github.com/WWBN/AVideo/security/advisories/GHSA-5hgj-7gm9-cff5

Improper Verification of Source of a Communication Channel in AVideo - #VU128351

Detailed vulnerability description

Remediation

Sources

Please verify you're human