CVE-2020-36883 HIGH

CVE-2020-36883: SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations

Vendor Spenetix Ag
Product Fusion Digital Signage
Weakness CWE-22 · Path traversal
Published December 10, 2025
Last update December 11, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.

Key dates

02Disclosure timeline

December 10, 2025 CVE published
December 11, 2025 Record updated