We recommend everyone upgrade to 2.3.17 or 3.3.5 as soon as possible. All affected CMS instances on our Cloud platform have been fully patched. For further information on each advisory please see the CVE link below.
Thanks to Noam Moshe of Claroty Research - Team82 for responsibly disclosing these vulnerabilities and allowing us time to release 2.3.17/3.3.5.
Issue #1 - Path Traversal and RCE
It is possible for a logged in user of the CMS to upload a specially constructed ZIP file which will place malicious files on the web server and achieve remote code execution.
Versions affected: 1.8.0 and later. Fixed in 2.3.17 and 3.3.5
The configuration of our Cloud platform makes this exploit significantly harder or potentially impossible to exploit.
CVE-2023-33177
Issue #2 - SQL Injection
It is possible for a logged in user of the CMS to use SQL injection to pull sensitive information from the database.
Versions affected: 1.4.0 and later. Fixed in 2.3.17 and 3.3.5
Issue #3 - SQL Injection
It is possible for a logged in user of the CMS to use SQL injection to pull sensitive information from the database.
Versions affected: 3.2.0 and later. Fixed in 3.3.5
Issue #4 - SQL Injection
It is possible for a logged in user of the CMS to use SQL injection to pull sensitive information from the database.
Versions affected: 3.2.0 and later. Fixed in 3.3.5
Issue #5 - Exposed Stack Trace
Information related to the directory structure on the server was output in an error message.
Versions affected: 3.0.0 and later. Fixed in 3.3.5
More
Read more from the blog

5 Key Considerations for Digital Signage Cybersecurity
In the first part of ChromeOS Essentials, learn key cybersecurity considerations and why a secure operating system and CMS are the best way to keep your digital signage network secure.

Windows 10 End of Life - What to Know
On October 14th 2025 Microsoft will officially end support for Windows 10. Learn what you need to know about the risks and your options moving forward.

The Digital Signage Blueprint
Get started with digital signage thanks to our handy visual guide! Learn the 5 key components to digital signage, including the CMS, player software, displays, & more.
More
Read more from the blog