QwikSec

Security Database

CVE

CWE

Training

CVE-2020-36883

Published: Dec 10, 2025

Modified: Dec 11, 2025

PUBLISHED

Description

SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.

Vendor	Product	Versions
SpenetiX AG	Fusion Digital Signage	affected `0 - <= 3.4.8`

Weaknesses (CWE)

References

ExploitDB-48844

exploit

Official Product Homepage

product

Zero Science Lab Disclosure ZSL-2020-5594

third-party-advisory

Mbed TLS GitHub Repository

product

VulnCheck Advisory: SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.