CVE-2020-37173: Exposure of Private Personal Information to an Unauthorized Actor in Platform

Severity
8.7 HIGH (NVD)
EPSS
0.1%
top 65.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Feb 11

Description

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: avideo/avideo_platform 8.1
NVD: wwbn/avideo 8.1

Vulnerability Details (1)

GHSA
GHSA-349p-7f27-qvx8: AVideo Platform 8 (2026-02-11)