CVE-2020-36893

Description

Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini.

PUBLISHED Reserved 2025-12-09 | Published 2025-12-10 | Updated 2025-12-11 | Assigner VulnCheck

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5585.php exploit

www.exploit-db.com/exploits/48766 (ExploitDB-48766) exploit

www.eibiz.co.th (EIBIZ Co.,Ltd. Product Web Page) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5585.php (Zero Science Advisory ID ZSL-2020-5585) vendor-advisory vdb-entry

www.vulncheck.com/...gnage-directory-traversal-vulnerability (VulnCheck Advisory: Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability) third-party-advisory

cve.org (CVE-2020-36893)

nvd.nist.gov (CVE-2020-36893)

Download JSON