CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-37173

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.2%

CVSS Severity

CVSS v3 Score 7.5

References

https://avideo.com
https://github.com/WWBN/AVideo
https://www.exploit-db.com/exploits/47997
https://www.vulncheck.com/advisories/avideo-platform-information-disclosure-user-enumeration

Products affected by CVE-2020-37173

Wwbn » Avideo » Version: 8.1

cpe:2.3:a:wwbn:avideo:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-37173

Products

Pricing

Contact Us