CVE-2020-37173 | THREATINT

Description

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

PUBLISHED Reserved 2026-02-10 | Published 2026-02-11 | Updated 2026-02-12 | Assigner VulnCheck

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Exposure of Private Personal Information to an Unauthorized Actor

Product status

8.1

affected

Credits

Ihsan Sencan finder

References

www.exploit-db.com/exploits/47997 (ExploitDB-47997) exploit

avideo.com (Official AVideo Platform Homepage) product

github.com/WWBN/AVideo (AVideo Platform GitHub Repository) product

www.vulncheck.com/...information-disclosure-user-enumeration (VulnCheck Advisory: AVideo Platform 8.1 - Information Disclosure (User Enumeration)) third-party-advisory

cve.org (CVE-2020-37173)

nvd.nist.gov (CVE-2020-37173)

Download JSON