PT-2025-50510 · Spinetix · Spinetix Fusion
Published 2025-12-10 · Updated 2025-12-11
CVE-2020-36886
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SpinetiX Fusion Digital Signage version 3.4.8
Description
The software contains a cross-site request forgery (CSRF) issue: requests that create administrative user accounts are accepted without proper request validation. An attacker can create a malicious web page that, when a logged-in user visits it, automatically submits a form that creates a new admin user with full system privileges.
Recommendations
Apply updates to address the improper request validation.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Spinetix Fusion