[CRITICAL] AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

PKSA-xtjn-tvnf-r8sj CVE-2026-28501 GHSA-pv87-r9qf-x56p

Affected package: wwbn/avideo

Affected version: <=21.0.0

Reported by:
GitHub