CVE-2018-14573

MEDIUM

5.5

CVSS Severity Score

EPSS Score0.0430%

EPSS Percentile42.72th

Published2018年7月23日

Last Modified2024年11月21日

Vulnerability Description

A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.

Affected Platforms (CPE)

📦

Trms

Tightrope Media Carousel Digital Signage

< 7.3.5

References & Advisories

🔗 http://release-notes.trms.com/txt/448

相关漏洞威胁

CVE-2018-189308.8

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulle...

CVE-2018-189318.8

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on ...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...