CVE-2020-36897

Published Dec 24, 2025 | Updated Dec 24, 2025

CVE-2020-36897 vulnerability security

CVE-2020-36897

QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server.

Scan Your Website for Vulnerabilities

Discover security issues before attackers do. Our AI-powered scanner checks for the vulnerabilities discussed in this guide and more.

Start Free Scan