CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-36883

SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.4%

CVSS Severity

CVSS v3 Score 8.1

References

https://github.com/Mbed-TLS/mbedtls
https://www.exploit-db.com/exploits/48844
https://www.spinetix.com
https://www.vulncheck.com/advisories/spinetix-fusion-digital-signage-authenticated-path-traversal-via-file-operations
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5594.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5594.php

Products affected by CVE-2020-36883

Spinetix » Fusion Digital Signage » Version: Any

cpe:2.3:a:spinetix:fusion_digital_signage:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36883

Products

Pricing

Contact Us