First published: Mon Jan 06 2020(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pisignage Pisignage | <2.6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-20354 is a vulnerability in the web application component of piSignage before version 2.6.4.
The severity of CVE-2019-20354 is medium with a severity value of 4.3.
CVE-2019-20354 allows a remote attacker (authenticated as a low-privilege user) to download arbitrary files from the Raspberry Pi via path traversal in the player API for log download.
To fix CVE-2019-20354, you should upgrade piSignage to version 2.6.4 or later.
You can find more information about CVE-2019-20354 in the following references: [1] [2] [3].