← voltar
CVE-2020-37158

AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

CVSS 8.5 HIGHEPSS 0.2%CWE-352CWE-640
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Produtos afetados
AVideo · AVideo Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://avideo.comhttps://github.com/WWBN/AVideohttps://www.exploit-db.com/exploits/48003https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset