[CRITICAL] WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php

PKSA-jc43-whmg-bn3y CVE-2026-29058 GHSA-9j26-99jh-v26q

Affected package: wwbn/avideo

Affected version: <7.0.0

Reported by:
GitHub