CVE-2020-36887

EIP tracks 1 public exploit for CVE-2020-36887. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated database backup disclosure vulnerability in SpinetiX Fusion Digital Signage. By accessing a specific URL, an attacker can download a backup file containing sensitive information such as hashed credentials.

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.