CVE-2020-37158

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
Configurations

Configuration 1

cpe:2.3:a:wwbn:avideo:8.1:*:*:*:*:*:*:*

History

20 Feb 2026, 16:21

Type | Values Removed | Values Added
Summary | | (es) AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

18 Feb 2026, 19:37

Type | Values Removed | Values Added
First Time | | Wwbn; Wwbn avideo
CPE | | cpe:2.3:a:wwbn:avideo:8.1:*:*:*:*:*:*:*
References | () https://avideo.com - | () https://avideo.com - Product
References | () https://github.com/WWBN/AVideo - | () https://github.com/WWBN/AVideo - Product
References | () https://www.exploit-db.com/exploits/48003 - | () https://www.exploit-db.com/exploits/48003 - Exploit, Third Party Advisory, VDB Entry
References | () https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset - | () https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset - Third Party Advisory
CWE | | CWE-352

11 Feb 2026, 21:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-02-11 21:16

Updated : 2026-02-20 16:21


NVD link : CVE-2020-37158

Mitre link : CVE-2020-37158

CVE.ORG link : CVE-2020-37158


Products Affected

wwbn

  • avideo
CWE
CWE-352

Cross-Site Request Forgery (CSRF)

CWE-640

Weak Password Recovery Mechanism for Forgotten Password