CVE-2020-37173

HIGH

AVideo Platform 8.1 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37173. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in AVideo Platform 8.1, allowing unauthenticated user enumeration via a direct endpoint request. The PoC includes a sample response exposing sensitive user data, including hashed passwords and admin status.

Description

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · text · webapps · json
https://www.exploit-db.com/exploits/47997

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: AVideo Platform 8.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/47997
Various Sources (product): https://avideo.com
Various Sources (product): https://github.com/WWBN/AVideo

Scores

CVSS v3 7.5
EPSS 0.0056
EPSS Percentile 42.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-359
Status published
Products (1)
wwbn/avideo 8.1
Published Feb 11, 2026
Tracked Since Feb 18, 2026