Description
AVideo versions prior to 20.0 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-34434
- https://github.com/WWBN/AVideo/commit/4a53ab2056
- https://github.com/WWBN/AVideo/commit/c279999cbd
- https://chocapikk.com/posts/2025/avideo-security-vulnerabilities
- https://www.vulncheck.com/advisories/avideo-imagegallery-plugin-unauthenticated-file-upload-and-deletion
EPSS
CVSS4: 9.3 Critical
CVSS3: 9.1 Critical
CVE ID
Weaknesses
Related vulnerabilities
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated attackers to upload or delete images associated with any image-based video.
EPSS
CVSS4: 9.3 Critical
CVSS3: 9.1 Critical