Vulnerability in Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Web Digital Signage
CVE-2020-36899
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx…
EPSS: 0.004 (59.0th percentile) — read the EPSS interpretation.
Affected products
Weakness classification (CWE)
References
- ExploitDB-48750 (exploit)
- Official Product Homepage (product)
- Vendor Security Advisory for ZSL-2020-5581 (vendor-advisory, vdb-entry)
- VulnCheck Advisory: QiHang Media Web Digital Signage 3.0.9 Unauthenticated Arbitrary File Disclosure (third-party-advisory)