[HIGH] AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

PKSA-rjrh-w2j8-5qv7 CVE-2026-45578 GHSA-xw67-cg5f-4m2r

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub