Cross-Site Request Forgery Vulnerability in AVideo Platform by WWBN
CVE-2020-37172

8.5HIGH

Key Information:

Vendor: Avideo
Status: Avideo Platform
Vendor: CVE Published:; 11 February 2026

Badges

👾 Exploit Exists

What is CVE-2020-37172?

The AVideo Platform version 8.1 contains a vulnerability that enables attackers to execute cross-site request forgery attacks. By manipulating the password recovery process, an attacker can craft unauthorized requests to the recoverPass endpoint. This exploitation allows an attacker to reset user passwords by leveraging a user's recovery token, thereby gaining unauthorized access to accounts without requiring authentication. This vulnerability poses a significant risk as it can lead to unauthorized access to sensitive user information.

Affected Version(s)

AVideo Platform 8.1

References

https://www.exploit-db.com/exploits/48003

exploit

https://avideo.com

product

https://github.com/WWBN/AVideo

product

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 11, 2026
👾
Exploit known to exist
Feb 11, 2026
Vulnerability published
Feb 11, 2026
Vulnerability Reserved
Feb 10, 2026

Credit

Ihsan Sencan

CVE-2020-37172 Data

JSON

Avideo