A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
References
Link | Resource |
---|---|
http://release-notes.trms.com/txt/448 | Not Applicable Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:28
Updated: 2022-10-03T16:22:28
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-14573
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-23T23:29:00.217
Modified: 2018-09-20T14:16:23.810
Link: CVE-2018-14573
JSON object: View
Redhat Information
No data.
CWE