Back to search
CVE-2020-36900
Published: Dec 10, 2025
Modified: Dec 11, 2025
PUBLISHED
Description
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global administrative privileges when a logged-in user visits the page.
| Vendor | Product | Versions |
|---|---|---|
All-Dynamics Software GmbH | Digital Signage System | affected 2.0.2 (Build 2098) ILP32W |
Weaknesses (CWE)
References
ExploitDB-48736
exploit
Zero Science Advisory ID ZSL-2020-5576
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now