VYPR

Carousel Digital Signage

by Tightrope Media

CVEs (1)

  • CVE-2018-14573MedJul 23, 2018
    risk 0.36cvss 5.5epss 0.06

    A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.