FixVibe

// sondagens / holofote

AVideo Command Injection Advisory

An outdated AVideo Composer dependency can expose video-link import paths to command execution risk.

A pegada

AVideo installations often sit directly on public media-upload and publishing workflows. When the deployed package is in the affected range, a feature intended to embed remote video links can become a host-level command-execution concern.

Como funciona

This active check confirms whether user-controlled input or workflow behavior crosses a security boundary. Public docs keep the explanation high-level so customers understand the risk. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

O raio de impacto

A vulnerable AVideo service can put the PHP host, media files, encoder workers, and adjacent application credentials at risk depending on how the installation is deployed and who can reach video-link embedding features.

// o que o fixvibe verifica

O que o FixVibe verifica

FixVibe checks this class with verified-domain active testing that is bounded, non-destructive, and evidence-driven. Public reports describe the affected surface and remediation. For check-specific questions about exact detection heuristics, active payload details, or source-code rule patterns, contact support@fixvibe.app.

Defesas blindadas

Upgrade `wwbn/avideo` to 12.4 or newer, regenerate `composer.lock`, and redeploy the patched AVideo host or container. Keep upload, import, and video-link embedding features limited to trusted users while rollout completes, and review logs if the affected installation was internet-facing.

// rode no seu próprio app

Continue publicando enquanto o FixVibe vigia.

O FixVibe pressiona a superfície pública do seu app do jeito que um atacante faria — sem agente, sem instalação, sem cartão. Continuamos pesquisando novos padrões de vulnerabilidade e transformando isso em checks práticos e fixes prontos para Cursor, Claude e Copilot.

Sondagens ativas
127
testes nessa categoria
módulos
48
checks dedicados de sondagens ativas
todo scan
487+
testes em todas as categorias
  • Grátis — sem cartão, sem instalação, sem ping de Slack
  • Só colar uma URL — a gente crawla, sonda e reporta
  • Achados classificados por severidade, deduplicados no sinal
  • AI-ready prompts where code applies, plus operator steps for DNS/provider fixes
Rodar um scan grátis

// checks atuais · fixes práticos · publique com confiança

AVideo Command Injection Advisory — Holofote de Vulnerabilidade | FixVibe · FixVibe