Tag
AVideo platform versions before 26.0 are vulnerable to unauthenticated SQL injection via the getAllCategories() method in objects/category.php due to insufficient sanitization of the doNotShowCats parameter, potentially leading to arbitrary code execution.