{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2020-36893","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-09T11:46:53.451Z","datePublished":"2025-12-10T20:52:52.187Z","dateUpdated":"2025-12-11T18:53:24.647Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"i-Media Server Digital Signage","vendor":"EIBIZ Co.,Ltd.","versions":[{"lessThanOrEqual":"3.8.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab"}],"datePublic":"2020-08-22T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini.</p>"}],"value":"Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-12-10T20:52:52.187Z"},"references":[{"name":"ExploitDB-48766","tags":["exploit"],"url":"https://www.exploit-db.com/exploits/48766"},{"name":"EIBIZ Co.,Ltd. Product Web Page","tags":["product"],"url":"http://www.eibiz.co.th"},{"name":"Zero Science Advisory ID ZSL-2020-5585","tags":["vendor-advisory","vdb-entry"],"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5585.php"},{"name":"VulnCheck Advisory: Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/eibiz-i-media-server-digital-signage-directory-traversal-vulnerability"}],"source":{"discovery":"UNKNOWN"},"title":"Eibiz i-Media Server Digital Signage 3.8.0 Directory Traversal Vulnerability","x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5585.php","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-11T16:00:20.337529Z","id":"CVE-2020-36893","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-11T18:53:24.647Z"}}]}}