8.7
CVE-2020-36899
- EPSS 0.68%
- Veröffentlicht 10.12.2025 21:16:02
- Zuletzt bearbeitet 17.12.2025 19:01:53
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginQiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Howfor ≫ Qihang Media Web Digital Signage Version3.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.711 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere
A backup file is stored in a directory or archive that is made accessible to unauthorized actors.