[HIGH] AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

PKSA-4kfk-t6qg-77z2 CVE-2026-33479 GHSA-xggw-g9pm-9qhh

Affected package: wwbn/avideo

Affected version: <=26.0

Reported by:
GitHub