CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14573

A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.1%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 2.1

References

Products affected by CVE-2018-14573

Trms » Tightrope Media Carousel Digital Signage » Version: 6.5.1

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:6.5.1
Trms » Tightrope Media Carousel Digital Signage » Version: 6.5.2

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:6.5.2
Trms » Tightrope Media Carousel Digital Signage » Version: 6.5.3

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:6.5.3
Trms » Tightrope Media Carousel Digital Signage » Version: 6.5.4

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:6.5.4
Trms » Tightrope Media Carousel Digital Signage » Version: 6.5.5

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:6.5.5
Trms » Tightrope Media Carousel Digital Signage » Version: 6.6.0

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:6.6.0
Trms » Tightrope Media Carousel Digital Signage » Version: 7.0.0

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.0.0
Trms » Tightrope Media Carousel Digital Signage » Version: 7.0.1

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.0.1
Trms » Tightrope Media Carousel Digital Signage » Version: 7.0.3

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.0.3
Trms » Tightrope Media Carousel Digital Signage » Version: 7.0.4

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.0.4
Trms » Tightrope Media Carousel Digital Signage » Version: 7.0.5

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.0.5
Trms » Tightrope Media Carousel Digital Signage » Version: 7.1.1

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.1.1
Trms » Tightrope Media Carousel Digital Signage » Version: 7.2.1

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.2.1
Trms » Tightrope Media Carousel Digital Signage » Version: 7.2.2

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.2.2
Trms » Tightrope Media Carousel Digital Signage » Version: 7.3.0

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.3.0
Trms » Tightrope Media Carousel Digital Signage » Version: 7.3.1

cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:7.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14573

Products

Pricing

Contact Us