SpinetiX Fusion Digital Signage 3.4.8 Path Traversal
Posted by deepcore on October 2, 2020 – 1:15 pm
SpinetiX Fusion Digital Signage version 3.4.8 suffers from an authenticated path traversal vulnerability. Input passed via several parameters in index.php script is not properly verified before being used to create and delete files. This can be exploited to write backup files to an arbitrary location and/or delete arbitrary files via traversal attacks.
Post a reply
You must be logged in to post a comment.