CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

Directory traversal

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

CVE-2018-14573

The vulnerability CVE-2018-14573 affects TightRope Media Carousel Digital Signage before 7.3.5. It is a Local File Inclusion (LFI) in the Web Interface API’s RenderingFetch function, exploitable via directory traversal sequences (CSL-1683) to download arbitrary files. Impact is stated as Partial ...

CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...