AVideo Information Disclosure Vulnerability via Public API

Vulnerability

A vulnerability exists in AVideo versions prior to 20.0, where sensitive user information is exposed through an unauthenticated public API endpoint. The exposed data includes email addresses, usernames, administrative status, and last login times, enabling user enumeration and violating user privacy.

Impact

The vulnerability allows for unauthorized access to sensitive user information, including personal identification details and administrative status, which could be misused for privacy violations or social engineering attacks.

Reproduction

The vulnerability can be reproduced by sending a request to the public API endpoint without authentication. The response includes sensitive user information such as email addresses, usernames, administrative status, and last login times.

Remediation

Upgrade to AVideo version 20.0 or later, where this vulnerability has been addressed.
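To make the flaw and the fix concrete, the following is an added illustrative model, not AVideo's own code: a user-record serializer in the pre-fix form (every column returned regardless of who asks) beside a hardened form that allowlists fields according to the requester's identity. The field names (id, user, name, email, isAdmin, lastLogin), the Requester type and the sample records are assumptions chosen to match the data categories named in this advisory; they are not taken from the AVideo code base. The leaked_fields helper is the kind of check a regression test for this class of issue would assert on.

```python
"""Illustrative model of an API user serializer: vulnerable form beside the
hardened form. Added example, not AVideo's code; all field names are assumptions."""

from dataclasses import dataclass
from typing import Optional

# Constructed sample records standing in for rows of a users table.
USERS = [
    {"id": 1, "user": "alice", "name": "Alice", "email": "alice@example.test",
     "isAdmin": True, "lastLogin": "2025-12-01 09:12:00"},
    {"id": 2, "user": "bob", "name": "Bob", "email": "bob@example.test",
     "isAdmin": False, "lastLogin": "2025-12-16 18:40:00"},
]

# Fields acceptable on a public profile.
PUBLIC_FIELDS = frozenset({"id", "user", "name"})
# Fields that identify the person, reveal privilege, or reveal activity patterns.
SENSITIVE_FIELDS = frozenset({"email", "isAdmin", "lastLogin"})


@dataclass(frozen=True)
class Requester:
    """Authenticated caller; None is used for unauthenticated requests."""
    user_id: int
    is_admin: bool


def serialize_user_vulnerable(record: dict) -> dict:
    """Pre-fix behaviour as the advisory describes it: every column is
    returned no matter who is asking, so an anonymous caller sees
    emails, admin status and last-login times."""
    return dict(record)


def serialize_user(record: dict, requester: Optional[Requester]) -> dict:
    """Hardened behaviour: allowlist output fields by the requester's
    relationship to the record. Anonymous and unrelated callers get
    public fields only; the account owner or an administrator gets the
    full record. Unknown columns are dropped rather than passed through."""
    own_or_admin = requester is not None and (
        requester.is_admin or requester.user_id == record["id"]
    )
    allowed = (PUBLIC_FIELDS | SENSITIVE_FIELDS) if own_or_admin else PUBLIC_FIELDS
    return {k: v for k, v in record.items() if k in allowed}


def list_users(requester: Optional[Requester]) -> list:
    """What a list endpoint would return to the given requester."""
    return [serialize_user(r, requester) for r in USERS]


def leaked_fields(response: list) -> set:
    """Regression check: which sensitive keys appear anywhere in a response.
    An unauthenticated response should yield the empty set."""
    return {k for rec in response for k in rec if k in SENSITIVE_FIELDS}


if __name__ == "__main__":
    print("vulnerable, anonymous:", leaked_fields([serialize_user_vulnerable(r) for r in USERS]))
    print("hardened, anonymous:  ", leaked_fields(list_users(None)))
    print("hardened, admin:      ", leaked_fields(list_users(Requester(user_id=1, is_admin=True))))
```

The design point is that the fix belongs at the serialization boundary, not in the caller: whatever route reaches the record, the requester context decides which fields leave the server, and a test asserting that leaked_fields(list_users(None)) is empty catches a regression before it ships.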

Added: Dec 17, 2025, 8:26 PM
Updated: Dec 17, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 8.6
remediation: 7.7
relevance: 1.5
threat: 5.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.