CVE-2020-36888

MEDIUM

SpinetiX Fusion Digital Signage 3.4.8 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36888. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This is a writeup describing a username enumeration vulnerability in SpinetiX Fusion Digital Signage. The vulnerability allows an attacker to distinguish between invalid usernames and incorrect passwords by analyzing the error messages returned by the login script.

Description

SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · text, webapps, hardware
https://www.exploit-db.com/exploits/48847

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: SpinetiX Fusion Digital Signage <= 3.4.8 (1.0.36274)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/48847
Product product
https://www.spinetix.com
Exploit, Third Party Advisory vendor-advisory vdb-entry
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5591.php

Scores

CVSS v3 5.3
EPSS 0.0034
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-203
Status published
Products (1)
spinetix/fusion_digital_signage < 3.4.8
Published Dec 10, 2025
Tracked Since Feb 18, 2026