CVE-2020-37158 in AVideoinfo

Summary

by MITRE • 02/11/2026

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

02/10/2026

Disclosure

02/11/2026

Moderation

accepted

Entry

VDB-345648

CPE

ready

CWE

CWE-352 (confirmed)

Exploit

Download

CVSS

9.8 (NVD)

EPSS

0.00107

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-37158
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-37158
CVE Details	https://www.cvedetails.com/cve/CVE-2020-37158/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!