Tag
WWBN AVideo versions prior to 26.0 are vulnerable to Server-Side Request Forgery (SSRF) via the `webSiteRootURL` parameter in `saveDVR.json.php`, allowing unauthenticated attackers to make arbitrary HTTP requests from the server.