MidnightBSD

Advisories for all-dynamics

CVE-2020-36900

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global administrative privileges when a logged-in user visits the page.

Products Affected

Vendor Product Version
all-dynamics digital_signage_system 2.0.2