CVE-2020-36895

Name of the Vulnerable Software and Affected Versions EIBIZ i-Media Server Digital Signage version 3.8.0

Description The software contains an unauthenticated configuration disclosure issue. Remote attackers can access sensitive configuration files via direct object reference. Specifically, attackers can retrieve the SiteConfig.properties file using an HTTP GET request. This exposure includes administrative credentials, database connection details, and system configuration information.

Recommendations Update to a newer version that contains a fix for this vulnerability.