PT-2026-7672 · Avideo · Avideo Platform
Ihsan Sencan · Published 2026-02-11 · Updated 2026-02-18 · CVE-2020-37173
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
AVideo Platform version 8.1
Description
An information disclosure issue in AVideo Platform version 8.1 allows attackers to enumerate user details. The issue is present in the playlistsFromUser.json.php API endpoint. By manipulating the users_id parameter, attackers can retrieve sensitive user information, including email addresses, password hashes, and administrative status.
Recommendations
Apply any available updates to address this vulnerability. As a temporary workaround, restrict access to the playlistsFromUser.json.php endpoint. Consider implementing stricter input validation for the users_id parameter.
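To check whether the endpoint has already been walked, web server access logs can be scanned for clients that request it with many different user ids. The following is an added example, not part of the original advisory or of AVideo; it assumes Combined Log Format, that the parameter appears in the query string as users_id, and an alert threshold of five distinct ids. The log lines and URL path prefix are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "playlistsFromUser.json.php"  # endpoint named in the advisory
PARAM = "users_id"                       # assumed query-string spelling of the parameter
THRESHOLD = 5                            # assumed: distinct ids per client before flagging

# Combined Log Format: capture the client address and the request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3}')

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    [
        f'203.0.113.10 - - [11/Feb/2026:10:00:{i:02d} +0000] '
        f'"GET /playlistsFromUser.json.php?users_id={i} HTTP/1.1" 200 512'
        for i in range(1, 7)
    ]
    + [
        '198.51.100.7 - - [11/Feb/2026:10:01:00 +0000] '
        '"GET /playlistsFromUser.json.php?users_id=3 HTTP/1.1" 200 498',
        '198.51.100.7 - - [11/Feb/2026:10:01:05 +0000] '
        '"GET /index.php HTTP/1.1" 200 1024',
    ]
)


def enumerating_clients(log_text, threshold=THRESHOLD):
    """Return {client_ip: sorted ids} for clients that requested the
    endpoint with at least `threshold` distinct id values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/" + ENDPOINT):
            continue  # some other resource
        for value in parse_qs(parts.query).get(PARAM, []):
            seen[ip].add(value)
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    for ip, ids in enumerating_clients(SAMPLE_LOG).items():
        print(f"{ip} requested {len(ids)} distinct ids: {', '.join(ids)}")
```

A client flagged here is a starting point for scoping which accounts' email addresses and password hashes may have been exposed.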
Affected Products
Avideo Platform
Avideo