Описание
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
Ссылки
- Not ApplicableThird Party Advisory
- Not ApplicableThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.3.5 (исключая)
cpe:2.3:a:trms:tightrope_media_carousel_digital_signage:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.5
github
больше 3 лет назад
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683.
EPSS
Процентиль: 17%
0.00054
Низкий
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
CWE-22