QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-36895

Back to search

CVE-2020-36895

Published: Dec 10, 2025

Modified: Dec 11, 2025

PUBLISHED

Description

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.

VendorProductVersions

EIBIZ Co.,Ltd.

i-Media Server Digital Signage

affected
0 - <= 3.8.0

Weaknesses (CWE)

CWE-639

References

Zero Security Advisory ZSL-2020-5583
vendor-advisory
vdb-entry

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now