https://feed.craftedsignal.io/tags/cve-2026-33723/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 19:16:42 +0000https://feed.craftedsignal.io/briefs/2024-05-avideo-sqli/Mon, 23 Mar 2026 19:16:42 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-05-avideo-sqli/WWBN AVideo platform versions up to 26.0 are vulnerable to SQL injection (CVE-2026-33723), allowing authenticated attackers to inject arbitrary SQL commands via the 'user_id' POST parameter and extract sensitive data such as password hashes, API keys, and encryption salts.WWBN AVideo, an open-source video platform, is susceptible to a critical SQL injection vulnerability (CVE-2026-33723) affecting versions up to and including 26.0. The vulnerability resides within the Subscribe::save() method located in objects/subscribe.php. The application directly concatenates the $this->users_id property into an INSERT SQL query without proper sanitization or parameterized binding. This property originates from the $_POST['user_id'] parameter in both…

]]>criticaladvisoryavideosqlicve-2026-33723web-application