Security Advisory

CVE-2020-36897

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-10 21:02:56

Last updated 2025-12-11 18:52:59

Assigner VulnCheck

State PUBLISHED

Description

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the remotePath and fileToUpload parameters to write and execute arbitrary system commands on the server.

← Browse all CVEs View on cve.org ↗