[MEDIUM] AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile Photos with Arbitrary Content

PKSA-7rzh-pwkp-t841 CVE-2026-43877 GHSA-jw8g-5j46-44rp

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub