PT-2025-50511 · Spinetix · Spinetix Fusion Digital Signage
Published
2025-12-10
·
Updated
2025-12-11
·
CVE-2020-36887
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
SpinetiX Fusion Digital Signage version 3.4.8
Description
An unauthenticated information disclosure issue exists in SpinetiX Fusion Digital Signage. An attacker can access the
/content/files/backups/ API endpoint to download sensitive backup files. These files contain user credentials and system information. The database backup directory is the location of the disclosed information.Recommendations
Restrict access to the
/content/files/backups/ API endpoint.Exploit
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spinetix Fusion Digital Signage