CVE-2020-36920

HIGH

iDS6 DSSPro Digital Signage System 6.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36920. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an improper access control vulnerability in iDS6 DSSPro Digital Signage System 6.2, allowing authenticated users to escalate privileges by creating users, modifying roles, and assigning permissions via direct API calls or console commands.

Description

iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through console JavaScript functions. Attackers can create users, modify roles and permissions, and potentially achieve full application takeover by exploiting insecure direct object references.

Exploits (1)

exploitdb · WORKING POC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/48992

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: iDS6 DSSPro Digital Signage System 6.2
Auth required
Prerequisites: Authenticated access to the application
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0032
EPSS Percentile 23.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-863
Status published
Published Jan 06, 2026
Tracked Since Feb 18, 2026