CVE-2020-36897
CRITICAL 9.8
Description
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/10/2025
Last modified: 12/17/2025
Source: nvd
Honeypot sightings: 0
Affected products
howfor:qihang_media_web_digital_signage
Weaknesses (CWE)
CWE-434
References
http://www.howfor.com (disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48751 (disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-remote-code-execution (disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php (disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.