← volver
CVE-2020-37158

AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

CVSS 8.5 HIGHEPSS 0.2%CWE-352CWE-640
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
AVideo · AVideo Platform

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://avideo.comhttps://github.com/WWBN/AVideohttps://www.exploit-db.com/exploits/48003https://www.vulncheck.com/advisories/avideo-platform-cross-site-request-forgery-password-reset