Tag
AVideo is vulnerable to unauthenticated access to multiple `list.json.php` endpoints due to missing authorization checks, allowing attackers to retrieve sensitive payment transaction records, including PayPal billing agreement IDs, Express Checkout tokens, Authorize.Net webhook payloads, and Bitcoin payment records, leading to financial data exposure and potential PII leakage.