CVE-2020-36893
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| EIBIZ Co.,Ltd. | i-Media Server Digital Signage | 0 <= 3.8.0 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://www.exploit-db.com/exploits/48766
- http://www.eibiz.co.th
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5585.php
- https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-directory-traversal-vulnerability
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.