PT-2025-50514 · Eibiz · I-Media Server Digital Signage
Published: 2025-12-10 · Updated: 2025-12-11 · CVE-2020-36893
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Eibiz i-Media Server Digital Signage version 3.8.0
Description
The Eibiz i-Media Server Digital Signage software contains a directory traversal flaw that lets unauthenticated attackers access files outside the intended server directory. Exploitation occurs through the oldfile GET parameter. Specifically, attackers can view sensitive configuration files, such as web.xml, and system files, like win.ini.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
As a temporary workaround, restrict access to the oldfile GET parameter.
Exploit
Fix
Path traversal
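One way to check existing web server logs for abuse of the oldfile parameter, as an added example that is not part of the advisory or the vendor's software. It assumes combined-format access logs; the path /placeholder/endpoint and every log line are constructed, because the advisory does not name the vulnerable endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines; /placeholder/endpoint is NOT the product's real URL.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [10/Dec/2025:10:00:01 +0000] "GET /placeholder/endpoint?oldfile=banner01.jpg HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Dec/2025:10:00:07 +0000] "GET /placeholder/endpoint?oldfile=../../WEB-INF/web.xml HTTP/1.1" 200 2310',
    '198.51.100.9 - - [10/Dec/2025:10:00:09 +0000] "GET /placeholder/endpoint?oldfile=%252e%252e%255cwin.ini HTTP/1.1" 200 92',
    '198.51.100.7 - - [10/Dec/2025:10:00:15 +0000] "GET /placeholder/endpoint?oldfile=promo..v2.mp4 HTTP/1.1" 200 88211',
])

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding (e.g. %252e) so checks see the real path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(value):
    """True if an oldfile value leaves the intended directory once decoded."""
    path = fully_decode(value).replace("\\", "/")  # Windows separators count too
    return (
        ".." in path.split("/")                       # parent-directory segment
        or path.startswith("/")                       # absolute path
        or re.match(r"^[A-Za-z]:", path) is not None  # drive letter
    )


def flag_oldfile_requests(log_text):
    """Return (line number, decoded value) for each suspicious oldfile request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl removes one layer of percent-encoding; fully_decode the rest
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "oldfile" and is_suspicious(value):
                hits.append((lineno, fully_decode(value)))
    return hits
```

The same is_suspicious check can back the temporary workaround in a reverse proxy or filter placed in front of the server, rejecting a request before it reaches the application.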
Weakness Enumeration
Related Identifiers
Affected Products
I-Media Server Digital Signage