CVE-2020-37173

AVideo Platform 8.1 - Information Disclosure (User Enumeration)

CVSS 8.7 HIGHEPSS 0.6%CWE-359

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.7EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 feb 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Productos afectados

AVideo · AVideo Platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://avideo.com https://github.com/WWBN/AVideo https://www.exploit-db.com/exploits/47997 https://www.vulncheck.com/advisories/avideo-platform-information-disclosure-user-enumeration