Skip to main content

RAREPROB SOLUTIONS PRIVATE LIMITED Video CVE-2026-30280

| EUVDEUVD-2026-17593 MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-03-31 mitre GHSA-r75f-v3q4-wrgv
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 19:47 euvd
EUVD-2026-17593
Analysis Generated
Mar 31, 2026 - 19:47 vuln.today
CVE Published
Mar 31, 2026 - 00:00 nvd
MEDIUM 5.3

DescriptionCVE.org

An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.

AnalysisAI

Arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 enables remote attackers to overwrite critical internal files during the file import process, resulting in arbitrary code execution or information disclosure. No CVSS score, exploitation data, or vendor patch information is currently available; the vulnerability was disclosed via academic research channels rather than coordinated vendor notification.

Technical ContextAI

The vulnerability exists in the file import functionality of the Play All Videos application v1.0.135. The application fails to implement proper validation or sanitization of file paths during import operations, allowing attackers to specify arbitrary file paths instead of restricting writes to intended import directories. This path traversal combined with file overwrite capability (CWE-434: Unrestricted Upload of File with Dangerous Type, or related CWE-426: Untrusted Search Path) permits replacement of critical system or application files. The lack of available CVE metadata (missing CVSS vector, CWE designation, and CPE vendor/product identifiers) suggests either incomplete disclosure or research-stage vulnerability reporting.

RemediationAI

No vendor-released patch has been independently confirmed at the time of analysis. RAREPROB SOLUTIONS PRIVATE LIMITED should be contacted directly via https://rareprob-website.firebaseapp.com/ to request a patched version addressing path traversal and file overwrite validation in the import process. As an interim mitigation, restrict file import functionality to trusted users only, disable the import feature if not essential, and run the application with minimal file system permissions. Review the disclosure repository at https://github.com/Secsys-FDU/AF_CVEs/issues/29 for any vendor responses or updated remediation guidance.

Share

CVE-2026-30280 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy