CVE-2020-36899

Опубликовано: 10 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.

Ссылки

http://www.howfor.com
Product
https://www.exploit-db.com/exploits/48750
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-arbitrary-file-disclosure
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48750
Exploit
Third Party Advisory
VDB Entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:howfor:qihang_media_web_digital_signage:3.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 70%

0.00642

Низкий

7.5 High

CVSS3

Дефекты

CWE-530

Связанные уязвимости

GHSA-2fqg-hhc5-9x33