CVE-2020-37158
Severity: HIGH | WAF coverage: Low
CVSS 8.8
Published: 2026-02-11
CWE-352
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| wwbn | avideo | 8.1 |
References
- avideo.com (Product)
- github.com (Product)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com (Third Party Advisory)