{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2020-37173","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2026-02-10T17:46:44.068Z","datePublished":"2026-02-11T20:36:58.062Z","dateUpdated":"2026-02-12T19:09:54.400Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-02-11T20:36:58.062Z"},"datePublic":"2020-02-05T00:00:00.000Z","title":"AVideo Platform 8.1 - Information Disclosure (User Enumeration)","descriptions":[{"lang":"en","value":"AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Exposure of Private Personal Information to an Unauthorized Actor","cweId":"CWE-359","type":"CWE"}]}],"affected":[{"vendor":"AVideo","product":"AVideo Platform","versions":[{"version":"8.1","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/47997","name":"ExploitDB-47997","tags":["exploit"]},{"url":"https://avideo.com","name":"Official AVideo Platform Homepage","tags":["product"]},{"url":"https://github.com/WWBN/AVideo","name":"AVideo Platform GitHub Repository","tags":["product"]},{"name":"VulnCheck Advisory: AVideo Platform 8.1 - Information Disclosure (User Enumeration)","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/avideo-platform-information-disclosure-user-enumeration"}],"credits":[{"lang":"en","value":"Ihsan Sencan","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-12T19:09:44.641589Z","id":"CVE-2020-37173","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-12T19:09:54.400Z"}}]}}