ByteOS Network

Vulnerability Details :

CVE-2020-36900

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-10 Dec, 2025 | 21:04

Updated At-11 Dec, 2025 | 18:52

All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global administrative privileges when a logged-in user visits the page.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulnCheck

Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At:10 Dec, 2025 | 21:04

Updated At:11 Dec, 2025 | 18:52

▼CVE Numbering Authority (CNA)

All-Dynamics Digital Signage System 2.0.2 Cross-Site Request Forgery via User Management

Affected Products

Vendor

All-Dynamics Software GmbH

Product

Digital Signage System

Default Status

unaffected

Versions

Affected

2.0.2 (Build 2098) ILP32W

Problem Types

Type	CWE ID	Description
CWE	CWE-352	CWE-352 Cross-Site Request Forgery (CSRF)

Type: CWE

CWE ID: CWE-352

Description: CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

Version	Base score	Base severity	Vector
4.0	8.6	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Version: 4.0

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Credits

finder

LiquidWorm as Gjoko Krstic of Zero Science Lab

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/48736	exploit
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5576.php	third-party-advisory
https://www.all-dynamics.de	product
https://www.vulncheck.com/advisories/all-dynamics-digital-signage-system-cross-site-request-forgery-via-user-management	third-party-advisory

Hyperlink: https://www.exploit-db.com/exploits/48736

Resource:

exploit

Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5576.php

Resource:

third-party-advisory

Hyperlink: https://www.all-dynamics.de

Resource:

product

Hyperlink: https://www.vulncheck.com/advisories/all-dynamics-digital-signage-system-cross-site-request-forgery-via-user-management

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5576.php	exploit

Hyperlink: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5576.php

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:disclosure@vulncheck.com

Published At:10 Dec, 2025 | 21:16

Updated At:15 Jan, 2026 | 17:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	8.6	HIGH	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

all-dynamics>>digital_signage_system>>2.0.2

cpe:2.3:a:all-dynamics:digital_signage_system:2.0.2:*:*:*:*:*:*:*