{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33723/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["avideo","sqli","cve-2026-33723","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWWBN AVideo, an open-source video platform, is susceptible to a critical SQL injection vulnerability (CVE-2026-33723) affecting versions up to and including 26.0. The vulnerability resides within the \u003ccode\u003eSubscribe::save()\u003c/code\u003e method located in \u003ccode\u003eobjects/subscribe.php\u003c/code\u003e. The application directly concatenates the \u003ccode\u003e$this-\u0026gt;users_id\u003c/code\u003e property into an INSERT SQL query without proper sanitization or parameterized binding. This property originates from the \u003ccode\u003e$_POST['user_id']\u003c/code\u003e parameter in both…\u003c/p\u003e\n","date_modified":"2026-03-23T19:16:42Z","date_published":"2026-03-23T19:16:42Z","id":"/briefs/2024-05-avideo-sqli/","summary":"WWBN AVideo platform versions up to 26.0 are vulnerable to SQL injection (CVE-2026-33723), allowing authenticated attackers to inject arbitrary SQL commands via the 'user_id' POST parameter and extract sensitive data such as password hashes, API keys, and encryption salts.","title":"WWBN AVideo SQL Injection Vulnerability (CVE-2026-33723)","url":"https://feed.craftedsignal.io/briefs/2024-05-avideo-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33723","version":"https://jsonfeed.org/version/1.1"}