Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses() function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can break out of the single-quoted grep context and execute arbitrary OS commands as the web-server user. | |
| Title | AVideo through 29.0 OS Command Injection via listFFmpegProcesses | |
| First Time appeared |
Wwbn
Wwbn avideo |
|
| Weaknesses | CWE-78 | |
| CPEs | cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Wwbn
Wwbn avideo |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-16T17:38:36.515Z
Reserved: 2026-07-16T12:13:18.732Z
Link: CVE-2026-63304
Updated: 2026-07-16T17:36:24.220Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T15:15:04Z