QwikSec

Security Database

CVE

CWE

Training

CVE-2020-36888

Published: Dec 10, 2025

Modified: Dec 11, 2025

PUBLISHED

Description

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.

Vendor	Product	Versions
SpenetiX AG	Fusion Digital Signage	affected `0 - <= 3.4.8`

Weaknesses (CWE)

References

ExploitDB-48847

exploit

Official Product Homepage

product

Vendor Security Advisory for ZSL-2020-5591

vendor-advisory

vdb-entry

VulnCheck Advisory: SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.