CVE-2018-14573
MEDIUM
TightRope Media Carousel Digital Signage <7.3.5 - Path Traversal
Title source: llm
Description
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
References (1)
Core References
Not Applicable, Third Party Advisory x_refsource_confirm
http://release-notes.trms.com/txt/448
Scores
CVSS v3
5.5
EPSS
0.0639
EPSS Percentile
92.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
trms/tightrope_media_carousel_digital_signage
< 7.3.5
Published
Jul 23, 2018
Tracked Since
Feb 18, 2026