CVE-2026-33293 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: March 23, 2026
WWBN AVideo - Path Traversal
Overview
WWBN AVideo < 26.0 contains a path traversal vulnerability: the 'deleteDump' parameter in plugin/CloneSite/cloneServer.json.php is passed to unlink() without sanitization, letting attackers delete arbitrary files. Exploitation requires valid clone credentials.
Impact
Attackers with valid clone credentials can delete arbitrary files, causing denial of service or enabling further attacks.
Mitigation
Upgrade to version 26.0 or later.
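A log check for the request pattern described in the Overview, as an added example (not AVideo's code and not part of the original advisory): it scans web access logs for calls to plugin/CloneSite/cloneServer.json.php whose deleteDump value is anything other than a bare file name. It assumes the parameter appears in the query string of a combined-format access log; a value sent in a POST body would not be visible to it. The sample log lines and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "plugin/CloneSite/cloneServer.json.php"  # path named in the advisory
PARAM = "deleteDump"                                # parameter named in the advisory
# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) so the checks see raw text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_delete_dump(value):
    """True if the value is anything other than a bare file name."""
    v = fully_decode(value)
    return ".." in v or "/" in v or "\\" in v or "\x00" in v

def scan(lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith(ENDPOINT):
            continue
        # parse_qs decodes one layer; fully_decode handles any extra layers.
        for value in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            if suspicious_delete_dump(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (assumption: query-string parameter, combined format).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Mar/2026:10:00:01 +0000] "GET /plugin/CloneSite/cloneServer.json.php?deleteDump=example_dump.sql HTTP/1.1" 200 51',
    '203.0.113.9 - - [23/Mar/2026:10:02:11 +0000] "GET /plugin/CloneSite/cloneServer.json.php?deleteDump=..%2F..%2Fexample.txt HTTP/1.1" 200 51',
    '203.0.113.9 - - [23/Mar/2026:10:02:15 +0000] "GET /plugin/CloneSite/cloneServer.json.php?deleteDump=%252e%252e%252fexample.txt HTTP/1.1" 200 51',
    '203.0.113.7 - - [23/Mar/2026:10:03:00 +0000] "GET /index.php?deleteDump=..%2Fexample.txt HTTP/1.1" 200 900',
]
```

Calling `scan(SAMPLE_LOG)` flags the second and third lines only; the fourth is ignored because it targets a different endpoint.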
Social Media Activity (1 post)
CVE-2026-33293 - High (8.1) WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php` is passed directly to `unlink()` without any path sanitization. An attacker with valid clone credentials can... https://www.thehackerwire.com/vulnerability/CVE-2026-33293/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-33293
- Severity: High
- CVSS Score: 8.1
- Type: path_traversal
- Status: unconfirmed
- EPSS: 4.0%
- Social Posts: 1
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H