SpinetiX Fusion Digital Signage 3.4.8 Authenticated Path Traversal via File Operations

Advisories

severity: critical
date: December 10, 2025
Affecting: Fusion Digital Signage <= 3.4.8 (1.0.36274)
CVE: CVE-2020-36883
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS: 8.8
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
References: ExploitDB-48844
SpinetiX Homepage
Zero Science Lab Disclosure (ZSL-2020-5594)
Credit: LiquidWorm as Gjoko Krstic of Zero Science Lab
Description: SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.