TROYANOSYVIRUS
Voltar para CVEs

CVE-2020-37173

HIGH
7.5

Descricao

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Detalhes CVE

Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/11/2026
Ultima modificacao2/18/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

wwbn:avideo

Fraquezas (CWE)

CWE-359

Referencias

https://avideo.com(disclosure@vulncheck.com)
https://github.com/WWBN/AVideo(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/47997(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/avideo-platform-information-disclosure-user-enumeration(disclosure@vulncheck.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.