[HIGH] AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

PKSA-28kd-gd4j-w94p CVE-2026-33493 GHSA-83xq-8jxj-4rxm

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub