CVE-2020-36900

Name of the Vulnerable Software and Affected Versions All-Dynamics Digital Signage System version 2.0.2

Description The software contains a cross-site request forgery issue. This allows attackers to create administrative users without proper request validation. An attacker can create a malicious web page that, when visited by a logged-in user, automatically submits forms to create a new user with global administrative privileges. The issue stems from a lack of validation of requests.

Recommendations Update to a newer version that contains a fix for this vulnerability.