CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-36895

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.3%

CVSS Severity

CVSS v3 Score 7.5

References

http://www.eibiz.co.th
https://www.exploit-db.com/exploits/48764
https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-unauthenticated-configuration-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5583.php

Products affected by CVE-2020-36895

Eibiz » I-Media Server Digital Signage » Version: 3.8.0

cpe:2.3:a:eibiz:i-media_server_digital_signage:3.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36895

Products

Pricing

Contact Us