← voltar
CVE-2020-37173

AVideo Platform 8.1 - Information Disclosure (User Enumeration)

CVSS 8.7 HIGHEPSS 0.6%CWE-359
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
AVideo · AVideo Platform

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://avideo.comhttps://github.com/WWBN/AVideohttps://www.exploit-db.com/exploits/47997https://www.vulncheck.com/advisories/avideo-platform-information-disclosure-user-enumeration