8.8
CVE-2020-36883
- EPSS 0.76%
- Veröffentlicht 10.12.2025 20:47:08
- Zuletzt bearbeitet 21.01.2026 19:19:41
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginSpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Spinetix ≫ Fusion Digital Signage Version <= 3.4.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
| disclosure@vulncheck.com | 8.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://github.com/Mbed-TLS/mbedtls
https://www.exploit-db.com/exploits/48844
https://www.spinetix.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5594.php
https://www.vulncheck.com/advisories/spinetix-fusion-digital-signage-authenticated-path-traversal-via-file-operations