Tag
WWBN AVideo versions up to 26.0 are vulnerable to an arbitrary local file read via the `chunkFile` parameter in the `POST /objects/aVideoEncoder.json.php` endpoint, allowing authenticated users to read sensitive server files.