CVE-2020-37173 HIGH

CVE-2020-37173: AVideo Platform 8.1 - Information Disclosure (User Enumeration)

Vendor Avideo
Product AVideo Platform
Weakness CWE-359
Published February 11, 2026
Last update February 12, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.

Key dates

02Disclosure timeline

February 11, 2026 CVE published
February 12, 2026 Record updated