CVE-2018-14573

Name of the Vulnerable Software and Affected Versions TightRope Media Carousel Digital Signage versions prior to 7.3.5

Description A Local File Inclusion (LFI) issue exists in the Web Interface API, specifically affecting the RenderingFetch API. This allows for the downloading of arbitrary files through directory traversal sequences.

Recommendations For versions prior to 7.3.5, update to version 7.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the RenderingFetch API to minimize the risk of exploitation.