Vulnerability Description
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
CVSS Score
8.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SpinetiX | Fusion Digital Signage | <= 3.4.8 |
Related Weaknesses (CWE)
References
- https://github.com/Mbed-TLS/mbedtls (Not Applicable)
- https://www.exploit-db.com/exploits/48844 (Exploit, Third Party Advisory, VDB Entry)
- https://www.spinetix.com (Product)
- https://www.vulncheck.com/advisories/spinetix-fusion-digital-signage-authenticat (Third Party Advisory)
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5594.php (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-36883?
CVE-2020-36883 is a vulnerability with a CVSS score of 8.1 (HIGH). SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input ...
How severe is CVE-2020-36883?
CVE-2020-36883 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36883?
Check the references section above for vendor advisories and patch information. Affected products include: SpinetiX Fusion Digital Signage.