[MEDIUM] AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

PKSA-qms8-qf5t-6w9q CVE-2026-33297 GHSA-6547-8hrg-c55m

Affected package: wwbn/avideo

Affected version: <=25.0

Reported by:
GitHub