UBICOD Medivision Digital Signage Authorization Bypass Vulnerability Allowing Privilege Escalation

Vulnerability

A vulnerability has been identified in UBICOD Medivision Digital Signage version 1.5.1 that allows normal users to bypass authorization and escalate privileges. This is achieved by manipulating the 'ft[grp]' parameter in a GET request to the '/html/user' endpoint. The vulnerability enables users to gain super admin rights without authentication.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, granting normal users super admin rights.

Reproduction

To reproduce this vulnerability, send a GET request to the '/html/user' page with the 'ft[grp]' parameter set to '3'. This can be done using a web browser or a tool like curl or Postman.
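For detection, the request described above can be looked for in web server access logs. The following is an added example, not code from the vendor or from this advisory: it assumes the device's web server (or a reverse proxy in front of it) writes common/combined-format access log lines, and the sample lines and the function name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumption: common/combined log format, e.g.
# ip - - [timestamp] "METHOD target HTTP/x.y" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_grp_requests(lines):
    """Return (ip, timestamp, grp_value, status) for every GET to
    /html/user that carries an ft[grp] query parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":  # the advisory describes a GET request
            continue
        path, _, query = m["target"].partition("?")
        if unquote(path).rstrip("/") != "/html/user":
            continue
        # parse_qsl percent-decodes keys, so ft%5Bgrp%5D and ft[grp] both match
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "ft[grp]":
                hits.append((m["ip"], m["ts"], value, int(m["status"])))
    return hits

# Constructed sample log lines (documentation-range addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2025:21:40:01 +0000] "GET /html/user?ft%5Bgrp%5D=3 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Dec/2025:21:40:05 +0000] "GET /html/user?ft[grp]=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Dec/2025:21:41:00 +0000] "GET /html/user HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Dec/2025:21:41:30 +0000] "GET /html/index?ft[grp]=3 HTTP/1.1" 200 900',
    '203.0.113.5 - - [10/Dec/2025:21:42:00 +0000] "POST /html/user?ft[grp]=3 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, ts, grp, status in find_grp_requests(SAMPLE_LOG):
        # ft[grp]=3 is the value named in the reproduction step
        note = "value named in advisory" if grp == "3" else "other group value"
        print(f"{ts} {ip} ft[grp]={grp} status={status} ({note})")
```

A hit with a 200 status from an account that is not an administrator is the case worth reviewing first.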

Added: Dec 10, 2025, 9:33 PM
Updated: Dec 10, 2025, 9:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.