216.73.216.214

CVE-2020-36899

· Published 10/12/2025 21:16 · Modified 17/12/2025 19:01

Labels: CVE-2020-36899 2025-12-10CVE-2020-36899CWE-530[email protected]

Essential information

Published
10/12/2025 21:16
Modified
17/12/2025 19:01
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
howfor / qihang media web digital signage cpe:2.3:a:howfor:qihang_media_web_digital_signage:3.0.9:*:*:*:*:*:*:*

References