QwikSec

Security Database

CVE

CWE

Training

CVE-2019-20354

Published: Jan 6, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

The web application component of piSignage before 2.6.4 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/colloqi/piSignage/issues/97

x_refsource_MISC

https://github.com/colloqi/piSignage/blob/master/RELEASE%20NOTES.md

x_refsource_MISC

http://packetstormsecurity.com/files/155864/piSignage-2.6.4-Directory-Traversal.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.