Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
AnalysisAI
Arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 enables remote attackers to overwrite critical internal files during the file import process, resulting in arbitrary code execution or information disclosure. No CVSS score, exploitation data, or vendor patch information is currently available; the vulnerability was disclosed via academic research channels rather than coordinated vendor notification.
Technical ContextAI
The vulnerability exists in the file import functionality of the Play All Videos application v1.0.135. The application fails to implement proper validation or sanitization of file paths during import operations, allowing attackers to specify arbitrary file paths instead of restricting writes to intended import directories. This path traversal combined with file overwrite capability (CWE-434: Unrestricted Upload of File with Dangerous Type, or related CWE-426: Untrusted Search Path) permits replacement of critical system or application files. The lack of available CVE metadata (missing CVSS vector, CWE designation, and CPE vendor/product identifiers) suggests either incomplete disclosure or research-stage vulnerability reporting.
RemediationAI
No vendor-released patch has been independently confirmed at the time of analysis. RAREPROB SOLUTIONS PRIVATE LIMITED should be contacted directly via https://rareprob-website.firebaseapp.com/ to request a patched version addressing path traversal and file overwrite validation in the import process. As an interim mitigation, restrict file import functionality to trusted users only, disable the import feature if not essential, and run the application with minimal file system permissions. Review the disclosure repository at https://github.com/Secsys-FDU/AF_CVEs/issues/29 for any vendor responses or updated remediation guidance.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17593
GHSA-r75f-v3q4-wrgv