LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits.
9.8CVSS
9.5AI Score
0.007EPSS
9.8CVSS
9.4AI Score
0.006EPSS
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
9.8CVSS
9.7AI Score
0.871EPSS