Tag
AVideo platform versions up to 26.0 are vulnerable to unauthenticated control of live streams due to manipulation of the `streamerURL` parameter in the `control.json.php` endpoint, enabling actions like dropping publishers or starting/stopping recordings.