CVE-2020-36899
Gravedad CVSS v4.0:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
10/12/2025
Última modificación:
12/12/2025
Descripción
*** Pendiente de traducción *** QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.
Impacto
Puntuación base 4.0
8.70
Gravedad 4.0
ALTA
Referencias a soluciones, herramientas e información
- http://www.howfor.com
- https://www.exploit-db.com/exploits/48750
- https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-arbitrary-file-disclosure
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php
- https://www.exploit-db.com/exploits/48750
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5581.php