PT-2025-50512 · Spinetix · Spinetix Fusion
Published
2025-12-10
·
Updated
2025-12-11
·
CVE-2020-36888
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
SpinetiX Fusion Digital Signage version 3.4.8
Description
The software contains a flaw in its login script that allows attackers to identify valid user accounts through username enumeration. Attackers can send specially crafted login requests with different usernames and analyze the server's error responses to determine which accounts exist.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spinetix Fusion