CVE-2020-36897

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
http://www.howfor.com
https://www.exploit-db.com/exploits/48751
https://www.vulncheck.com/advisories/qihang-media-web-digital-signage-unauthenticated-remote-code-execution
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5582.php