9.8
CVE-2020-36897
- EPSS 1.09%
- Veröffentlicht 10.12.2025 21:16:02
- Zuletzt bearbeitet 17.12.2025 19:17:14
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginQiHang Media Web Digital Signage 3.0.9 Unauthenticated Remote Code Execution
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Howfor ≫ Qihang Media Web Digital Signage Version3.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.09% | 0.611 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
http://www.howfor.com
https://www.exploit-db.com/exploits/48751
https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-remote-code-execution
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php