ГлавнаяУязвимости → CVE-2020-36897
9.8критическая

CVE-2020-36897

Описание

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.

Затрагиваемое ПО
Howfor Qihang media web digital signage
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.howfor.comhttps://www.exploit-db.com/exploits/48751https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-remote-code-executionhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php