NVD CRITICAL: CVE-2026-33770 — WWBN AVideo is an open source video platform. In versions up to and including 26...
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `fixCleanTitle()` static method in `objects/category.php` constructs a SQL SELECT query by directly interpolating both `$clean_title` and `$id` into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a crafted title value c
CVE-2026-33770