CVE-2020-36900
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| all-dynamics | digital_signage_system | 2.0.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a cross-site request forgery (CSRF) in All-Dynamics Digital Signage System 2.0.2 that allows attackers to create administrative users without proper request validation. An attacker can craft a malicious web page that, when visited by a logged-in user, automatically submits forms to create a new user with global administrative privileges.
How can this vulnerability impact me?
This vulnerability can allow an attacker to gain administrative access to the affected system by creating new administrative users without authorization. This can lead to unauthorized control over the system, potentially allowing the attacker to manipulate content, settings, or other sensitive operations within the Digital Signage System.