Security Advisory

CVE-2026-35452

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-06 21:47:45

Last updated 2026-04-08 14:08:17

Assigner GitHub_M

State PUBLISHED

Description

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin(). The log contains internal filesystem paths, remote server URLs, and SSH connection metadata.

← Browse all CVEs View on cve.org ↗