Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-37172
PUBLISHED
More InfoOfficial Page
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
View Known Exploited Vulnerability (KEV) details
Published At-11 Feb, 2026 | 20:33
Updated At-12 Feb, 2026 | 18:48
Rejected At-
▼CVE Numbering Authority (CNA)
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

Affected Products
Vendor
AVideo
Product
AVideo Platform
Versions
Affected
  • 8.1
Problem Types
TypeCWE IDDescription
CWECWE-640Weak Password Recovery Mechanism for Forgotten Password
Type: CWE
CWE ID: CWE-640
Description: Weak Password Recovery Mechanism for Forgotten Password
Metrics
VersionBase scoreBase severityVector
4.08.5HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 4.0
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Ihsan Sencan
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/48003
exploit
https://avideo.com
product
https://github.com/WWBN/AVideo
product
https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/48003
Resource:
exploit
Hyperlink: https://avideo.com
Resource:
product
Hyperlink: https://github.com/WWBN/AVideo
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found