Cross-Site Request Forgery in AVideo Platform by WWBN
CVE-2020-37158

8.5HIGH

Key Information:

Vendor: Avideo
Status: Avideo Platform
Vendor: CVE Published:; 11 February 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-37158?

AVideo Platform version 8.1 is susceptible to a cross-site request forgery vulnerability, which enables attackers to manipulate the password recovery process. By exploiting the recoverPass endpoint, malicious actors can issue crafted requests using a user's recovery token, allowing them to reset passwords and change account credentials without the user's authentication. This vulnerability poses significant risks to user account integrity and should be addressed promptly to enhance security.

Affected Version(s)

AVideo Platform 8.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-37158 - Proof of Concept

References

https://www.exploit-db.com/exploits/48003

exploit

https://avideo.com

product

https://github.com/WWBN/AVideo

product

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 11, 2026
👾
Exploit known to exist
Feb 11, 2026
Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Feb 3, 2026

Credit

Ihsan Sencan

CVE-2020-37158 Data

JSON

Avideo