CVE-2020-37173

HIGH

AVideo Platform 8.1 - Info Disclosure

Title source: llm

Description

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsjson

https://www.exploit-db.com/exploits/47997

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47997

[Various Sources] https://avideo.com

[Various Sources] https://github.com/WWBN/AVideo

[Third Party Advisory] https://www.vulncheck.com/advisories/avideo-platform-information-disclosure-user-enumeration

Scores

CVSS v3 7.5

EPSS 0.0014

EPSS Percentile 33.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (1)

wwbn/avideo 8.1

Published Feb 11, 2026

Tracked Since Feb 18, 2026