PT-2026-7660 · Avideo+2 · Avideo Platform+1
Ihsan Sencan · Published 2026-02-11 · Updated 2026-02-18 · CVE-2020-37172
CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
AVideo Platform version 8.1
Description
The software contains a cross-site request forgery condition that permits attackers to reset user passwords. This is achieved by exploiting the password recovery mechanism, where attackers can construct malicious requests to the /recoverPass API endpoint. Utilizing a user's recovery token, attackers can alter account credentials without proper authentication.
Recommendations
Apply updates to address the issue in AVideo Platform version 8.1.
Exploit
Fix
Affected Products
Avideo Platform
Avideo