PT-2025-50507 · Spinetix · Spinetix Fusion Digital Signage
Published
2025-12-10
·
Updated
2026-01-21
·
CVE-2020-36883
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
SpinetiX Fusion Digital Signage versions 3.4.8 and lower
Description
The software contains an authenticated path traversal flaw. This allows attackers to manipulate file backup and deletion operations using unverified input parameters. Exploitation involves path traversal techniques within the
index.php file to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests. The vulnerability requires authentication.Recommendations
Update to a version of SpinetiX Fusion Digital Signage higher than 3.4.8.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spinetix Fusion Digital Signage