CVE-2018-14573

MEDIUM

5.5

CVSS Severity Score

EPSS Score0.0430%

EPSS Percentile42.72th

PublishedJul 23, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.

Affected Platforms (CPE)

📦

Trms

Tightrope Media Carousel Digital Signage

< 7.3.5

References & Advisories

🔗 http://release-notes.trms.com/txt/448

Related Vulnerabilities

CVE-2018-189308.8

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulle...

CVE-2018-189318.8

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...