CVE-2020-36897

Sažetak

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.

Reference

http://www.howfor.com
https://www.exploit-db.com/exploits/48751
https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-remote-code-execution
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-12-2025 - 19:17

Objavljeno

10-12-2025 - 21:16