CVE-2020-36899
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-17
Assigner: VulnCheck
Description
Description
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| howfor | qihang_media_web_digital_signage | 3.0.9 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-530 | A backup file is stored in a directory or archive that is made accessible to unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in QiHang Media Web Digital Signage 3.0.9 allows remote attackers to access sensitive files without authentication by exploiting unverified 'filename' and 'path' parameters. Attackers can manipulate the QH.aspx endpoint's download and getAll actions to read arbitrary files and directory contents.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive files and directory contents, potentially exposing confidential information, which can compromise system security and privacy.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70