Lucene search
K
LgSimple Editor

25 matches found

CVE
CVE
added 2024/05/03 2:11 a.m.93 views

CVE-2023-40504

LG Simple Editor (affected: Windows, = 3.x) where the vulnerability is fixed.

9.8CVSS9.9AI score0.87761EPSS
Web
CVE
CVE
added 2024/05/03 2:11 a.m.64 views

CVE-2023-40498

LG Simple Editor (cp command in makeDetailContent) suffers a directory-traversal vulnerability leading to remote code execution with SYSTEM context. Lack of validation on user-supplied paths in file operations is the root cause. Affected product is LG Simple Editor; CVE-2023-40498 is documented a...

9.8CVSS10AI score0.82964EPSS
Web
CVE
CVE
added 2024/05/03 2:11 a.m.62 views

CVE-2023-40502

LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability affects LG Simple Editor. The flaw stems from improper validation of a user-supplied path in the cropImage command, allowing remote attackers to delete arbitrary files with SYSTEM context. Affected components inc...

9.1CVSS8.2AI score0.84357EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.61 views

CVE-2023-40513

CVE-2023-40513 – LG Simple Editor : The issue affects LG Simple Editor’s UserManageController.getImageByFilename, caused by insufficient validation of a user-supplied path before file operations. This directory-traversal leads to information disclosure under SYSTEM context. The vulnerability is p...

6.5CVSS6.2AI score0.02733EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.60 views

CVE-2023-40509

LG Simple Editor has a directory-traversal vulnerability in the deleteCanvas method that allows remote attackers to delete arbitrary files in the SYSTEM context. The issue stems from insufficient validation of a user-supplied path prior to file operations, with authentication not required and net...

9.1CVSS8.2AI score0.01998EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.57 views

CVE-2023-40507

The provided sources confirm a concrete vulnerability in LG Simple Editor: an XML External Entity (XXE) handling flaw in the copyContent command. A crafted document with a URI causes the XML parser to fetch the URI and embed its contents back into the XML, allowing a remote attacker to disclose i...

7.5CVSS7.2AI score0.01271EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.57 views

CVE-2023-40515

CVE-2023-40515 concerns LG Simple Editor. The vulnerability is in the joinAddUser method and stems from improper input validation , enabling an unauthenticated remote attacker to cause a denial-of-service condition. Across the connected documents, there are no concrete details on affected version...

7.5CVSS7.5AI score0.01283EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.56 views

CVE-2023-40503

CVE-2023-40503 concerns LG Simple Editor. The flaw is in the saveXmlFile method, where improper restriction of XML External Entity (XXE) references allows a crafted document to cause the XML parser to fetch a URI and embed its contents back into the XML, enabling information disclosure in the SYS...

7.5CVSS7.2AI score0.01271EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.55 views

CVE-2023-40506

LG Simple Editor is affected by a XXE-based information disclosure in the copyContent command. The flaw arises from improper restriction of XML External Entity references, allowing a crafted document to cause the XML parser to fetch a URI and embed its contents back into the document (SYSTEM cont...

7.5CVSS7.2AI score0.01271EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.55 views

CVE-2023-40511

LG Simple Editor CVE-2023-40511 involves a flaw in the checkServer method that exposes plaintext credentials, enabling remote authentication bypass. The vulnerability is documented across multiple sources (e.g., ZDI-23-1215; NVD/NVD mirror; PT-Security entry) with a base score of 7.5 (HIGH) and n...

7.5CVSS7.7AI score0.01267EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.55 views

CVE-2023-40512

LG Simple Editor’s CVE-2023-40512 affects the PlayerController.getImageByFilename method, where lack of validation of a user-supplied path enables directory traversal to disclose sensitive information. The vulnerability allows remote attackers to access information in the context of SYSTEM, with ...

6.5CVSS6.2AI score0.02733EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.54 views

CVE-2023-40510

LG Simple Editor is affected by CVE-2023-40510 where the getServerSetting method exposes plaintext credentials, allowing remote attackers to bypass authentication. The issue is documented in ZDI-23-1214 and appears in multiple feeds (NVD/NVD-related entries). The available sources describe an aut...

7.5CVSS7.7AI score0.01267EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.53 views

CVE-2023-40505

Summary: LG Simple Editor is affected by a remote code execution via command injection in the createThumbnailByMovie method. The vulnerability arises from insufficient validation of a user-supplied string before it is used in a system call, allowing an attacker to execute code with SYSTEM privile...

9.8CVSS10AI score0.0196EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.52 views

CVE-2023-40494

LG Simple Editor (Luckin, LG Korea) is affected by a Directory Traversal vulnerability in the deleteFolder method, due to insufficient validation of a user-supplied path. This allows remote attackers to delete arbitrary files with SYSTEM context, without authentication. Multiple sources (includin...

9.1CVSS8.2AI score0.84357EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.52 views

CVE-2023-40500

The CVE-2023-40500 entry covers LG Simple Editor: a remote code execution via the copyContent function caused by unvalidated user-supplied paths in file operations. It enables network-remote execution with no authentication, leading to SYSTEM-level code execution. Documented in ZDI-23-1206 and ec...

9.8CVSS9.9AI score0.01483EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.51 views

CVE-2023-40493

LG Simple Editor is affected by a remote code execution through copySessionFolder Directory Traversal. The flaw arises from insufficient validation of a user-supplied path used in file operations, enabling an attacker to execute code in the SYSTEM context without authentication. Affected product:...

9.8CVSS9.9AI score0.02388EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.50 views

CVE-2023-40492

LG Simple Editor vulnerability (CVE-2023-40492) in deleteCheckSession: a directory traversal flaw allows remote attackers to delete arbitrary files without authentication, executing with SYSTEM privileges. Root cause is lack of validation of a user-supplied path before file operations. Connected ...

9.1CVSS8.2AI score0.84357EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.49 views

CVE-2023-40501

Summary: CVE-2023-40501 affects LG Simple Editor. The flaw is in the implementation of the copyContent command, caused by an exposed dangerous function, allowing remote attackers to execute code in the SYSTEM context with no authentication over the network. Multiple connected sources (ZDI advisor...

9.8CVSS9.9AI score0.01483EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.49 views

CVE-2023-40514

The CVE-2023-40514 issue affects LG Simple Editor, specifically the FileManagerController.getImageByFilename method, where a lack of validation for a user-supplied path enables directory traversal information disclosure. The vulnerability allows remote attackers to disclose sensitive information ...

6.5CVSS6.2AI score0.02733EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.48 views

CVE-2023-40508

LG Simple Editor exposes CVE-2023-40508: a Directory Traversal in putCanvasDB allows an unauthenticated attacker to delete arbitrary files, executing in SYSTEM context. The flaw stems from insufficient validation of a user-supplied path before file operations in putCanvasDB, with exploitation via...

9.1CVSS8.2AI score0.01998EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.48 views

CVE-2023-40516

CVE-2023-40516 affects LG Simple Editor. The issue is in the product installer which sets incorrect permissions on folders, enabling a local attacker with low privileges to escalate to SYSTEM and execute arbitrary code. Documents confirm local privilege escalation and do not provide patch/version...

7.8CVSS7.8AI score0.0023EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.47 views

CVE-2023-40495

CVE-2023-40495 affects LG Simple Editor. The vulnerability lies in the copyTemplateAll method, where a user-supplied path is not properly validated before file operations, enabling a directory traversal information disclosure in the SYSTEM context. Exploitation is possible remotely without authen...

7.5CVSS7.2AI score0.77245EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.47 views

CVE-2023-40497

CVE-2023-40497 – LG Simple Editor : The vulnerability lies in the saveXml command of the makeDetailContent method, where a user-supplied path is not properly validated before use in file operations. This directory traversal flaw allows an attacker to execute arbitrary code with SYSTEM privileges ...

9.8CVSS10AI score0.67414EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.47 views

CVE-2023-40499

LG Simple Editor contains a directory traversal vulnerability in the mkdir implementation of makeDetailContent that fails to validate a user-supplied path before file operations. This allows remote attackers to delete arbitrary files on the host in SYSTEM context, without authentication. Public d...

9.1CVSS8.3AI score0.01998EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.46 views

CVE-2023-40496

LG Simple Editor copyStickerContent Directory Traversal Information Disclosure vulnerability (CVE-2023-40496) allows remote attackers to disclose sensitive information without authentication. The flaw arises from insufficient validation of a user-supplied path in the copyStickerContent command, e...

7.5CVSS7.2AI score0.77245EPSS