CVE-2020-36897
Dec 24, 2025
Updated Dec 24, 2025
CVE Database
CVE-2020-36897
vulnerability
security
CVE-2020-36897
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.
Scan Your Attack Surface for These Issues
Secably automatically detects the vulnerabilities discussed in this article across your domains, subdomains, and infrastructure.
Start Free — No Credit CardRelated Articles
CVE-2025-65950
Technical analysis of CVE-2025-65950 (HIGH, 8.8) affecting WBCE CMS. Learn about affected …
CVE-2024-58279
Detailed technical analysis of CVE-2024-58279 (HIGH, 8.8) affecting appRain CMF 4.0.5. Learn …
CVE-2024-58281
Technical analysis of CVE-2024-58281 (HIGH, 8.8). Learn about affected systems, exploitation details, …
CVE-2024-58282
Detailed technical analysis of CVE-2024-58282 (HIGH, 7.2) affecting Serendipity 2.5.0. Learn about …
CVE-2024-58283
Detailed technical analysis of CVE-2024-58283 (HIGH, 8.8), a remote code execution vulnerability …