AVideo Platform 8.1 - Information Disclosure (User Enumeration) | Advisories

Advisories

AVideo Platform 8.1 - Information Disclosure (User Enumeration)

severity: high
date: 2/11/2026
Affecting: AVideo Platform <= 8.1
CVE: CVE-2020-37173
CWE: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-47997
Official AVideo Platform Homepage
AVideo Platform GitHub Repository
Credit: Ihsan Sencan
Description: AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo