Description
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
References
- Product
- Product
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:wwbn:avideo:8.1:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.00676
Low
5.3 Medium
CVSS3
9.8 Critical
CVSS3
Weaknesses
CWE-640
Related vulnerabilities
CVSS3: 5.3
github
4 months ago
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.