CVE-2020-37158

Sažetak

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

Reference

https://avideo.com
https://github.com/WWBN/AVideo
https://www.exploit-db.com/exploits/48003
https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Zadnje važnije ažuriranje

20-02-2026 - 16:21

Objavljeno

11-02-2026 - 21:16