Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6bmv-4jyc-hkct
SummaryWWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process.
Aliases
0
alias CVE-2026-45731
1
alias GHSA-3mjv-375j-6h92
Fixed_packages
Affected_packages
0
url pkg:composer/wwbn/avideo@29.0.0
purl pkg:composer/wwbn/avideo@29.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uab-dgtz-hqcm
1
vulnerability VCID-378r-bgse-6qhw
2
vulnerability VCID-39z9-cczn-v7dq
3
vulnerability VCID-3g6d-frkn-7ka8
4
vulnerability VCID-3jeh-52qp-vkhe
5
vulnerability VCID-44jq-pmnk-q7e3
6
vulnerability VCID-48c5-cxqf-7yar
7
vulnerability VCID-4zzs-u56m-kubm
8
vulnerability VCID-6bmv-4jyc-hkct
9
vulnerability VCID-6t1w-33wc-r7gu
10
vulnerability VCID-72qa-csxh-5ubs
11
vulnerability VCID-77m3-thwg-pkex
12
vulnerability VCID-7an2-kvub-wbdc
13
vulnerability VCID-83j9-2b59-nff2
14
vulnerability VCID-8b22-g4th-cba2
15
vulnerability VCID-8y3y-7nys-63cb
16
vulnerability VCID-8zdd-12d9-mkdt
17
vulnerability VCID-92s2-qetk-bucr
18
vulnerability VCID-9hvy-qn33-9qbx
19
vulnerability VCID-b53d-jg9w-vffx
20
vulnerability VCID-bu5v-zyym-j7gh
21
vulnerability VCID-c8uz-mfg4-5qhc
22
vulnerability VCID-cea3-yyc7-duef
23
vulnerability VCID-cps6-m7k1-73ac
24
vulnerability VCID-d58u-395a-2qem
25
vulnerability VCID-ejz4-zxyp-4qbf
26
vulnerability VCID-enrr-p3bb-5qgs
27
vulnerability VCID-gdvd-yzgn-efgk
28
vulnerability VCID-h168-q8a4-4qgt
29
vulnerability VCID-j1dv-68kj-1qb9
30
vulnerability VCID-jbba-q6ga-g3hs
31
vulnerability VCID-k42k-auyh-4yce
32
vulnerability VCID-kbk6-xmz6-gkhk
33
vulnerability VCID-kmas-k2bp-5ybw
34
vulnerability VCID-m1ad-m4uf-fkgf
35
vulnerability VCID-m31s-e72s-pkgm
36
vulnerability VCID-mez8-49wu-cyee
37
vulnerability VCID-p3ms-jagv-qkab
38
vulnerability VCID-sqyg-vnng-yqab
39
vulnerability VCID-tjkb-bmeg-67dc
40
vulnerability VCID-ttqk-knnt-gyfd
41
vulnerability VCID-u475-hh1j-a7fc
42
vulnerability VCID-wypm-g4wr-ebbr
43
vulnerability VCID-ybae-jsp4-3qhz
44
vulnerability VCID-yyf4-tsdh-wfdn
45
vulnerability VCID-z8t4-ckvj-83dh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@29.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45731
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23514
published_at 2026-06-11T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23721
published_at 2026-06-13T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.2371
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45731
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45731
reference_id CVE-2026-45731
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45731
2
reference_url https://github.com/advisories/GHSA-3mjv-375j-6h92
reference_id GHSA-3mjv-375j-6h92
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mjv-375j-6h92
3
reference_url https://github.com/WWBN/AVideo/security/advisories/GHSA-3mjv-375j-6h92
reference_id GHSA-3mjv-375j-6h92
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-29T14:03:06Z/
url https://github.com/WWBN/AVideo/security/advisories/GHSA-3mjv-375j-6h92
Weaknesses
0
cwe_id 22
name Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6bmv-4jyc-hkct