25 matches found
CVE-2023-40504
LG Simple Editor (affected: Windows, = 3.x) where the vulnerability is fixed.
CVE-2023-40498
LG Simple Editor (cp command in makeDetailContent) suffers a directory-traversal vulnerability leading to remote code execution with SYSTEM context. Lack of validation on user-supplied paths in file operations is the root cause. Affected product is LG Simple Editor; CVE-2023-40498 is documented a...
CVE-2023-40502
LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability affects LG Simple Editor. The flaw stems from improper validation of a user-supplied path in the cropImage command, allowing remote attackers to delete arbitrary files with SYSTEM context. Affected components inc...
CVE-2023-40513
CVE-2023-40513 – LG Simple Editor : The issue affects LG Simple Editor’s UserManageController.getImageByFilename, caused by insufficient validation of a user-supplied path before file operations. This directory-traversal leads to information disclosure under SYSTEM context. The vulnerability is p...
CVE-2023-40509
LG Simple Editor has a directory-traversal vulnerability in the deleteCanvas method that allows remote attackers to delete arbitrary files in the SYSTEM context. The issue stems from insufficient validation of a user-supplied path prior to file operations, with authentication not required and net...
CVE-2023-40507
The provided sources confirm a concrete vulnerability in LG Simple Editor: an XML External Entity (XXE) handling flaw in the copyContent command. A crafted document with a URI causes the XML parser to fetch the URI and embed its contents back into the XML, allowing a remote attacker to disclose i...
CVE-2023-40515
CVE-2023-40515 concerns LG Simple Editor. The vulnerability is in the joinAddUser method and stems from improper input validation , enabling an unauthenticated remote attacker to cause a denial-of-service condition. Across the connected documents, there are no concrete details on affected version...
CVE-2023-40503
CVE-2023-40503 concerns LG Simple Editor. The flaw is in the saveXmlFile method, where improper restriction of XML External Entity (XXE) references allows a crafted document to cause the XML parser to fetch a URI and embed its contents back into the XML, enabling information disclosure in the SYS...
CVE-2023-40506
LG Simple Editor is affected by a XXE-based information disclosure in the copyContent command. The flaw arises from improper restriction of XML External Entity references, allowing a crafted document to cause the XML parser to fetch a URI and embed its contents back into the document (SYSTEM cont...
CVE-2023-40511
LG Simple Editor CVE-2023-40511 involves a flaw in the checkServer method that exposes plaintext credentials, enabling remote authentication bypass. The vulnerability is documented across multiple sources (e.g., ZDI-23-1215; NVD/NVD mirror; PT-Security entry) with a base score of 7.5 (HIGH) and n...
CVE-2023-40512
LG Simple Editor’s CVE-2023-40512 affects the PlayerController.getImageByFilename method, where lack of validation of a user-supplied path enables directory traversal to disclose sensitive information. The vulnerability allows remote attackers to access information in the context of SYSTEM, with ...
CVE-2023-40510
LG Simple Editor is affected by CVE-2023-40510 where the getServerSetting method exposes plaintext credentials, allowing remote attackers to bypass authentication. The issue is documented in ZDI-23-1214 and appears in multiple feeds (NVD/NVD-related entries). The available sources describe an aut...
CVE-2023-40505
Summary: LG Simple Editor is affected by a remote code execution via command injection in the createThumbnailByMovie method. The vulnerability arises from insufficient validation of a user-supplied string before it is used in a system call, allowing an attacker to execute code with SYSTEM privile...
CVE-2023-40494
LG Simple Editor (Luckin, LG Korea) is affected by a Directory Traversal vulnerability in the deleteFolder method, due to insufficient validation of a user-supplied path. This allows remote attackers to delete arbitrary files with SYSTEM context, without authentication. Multiple sources (includin...
CVE-2023-40500
The CVE-2023-40500 entry covers LG Simple Editor: a remote code execution via the copyContent function caused by unvalidated user-supplied paths in file operations. It enables network-remote execution with no authentication, leading to SYSTEM-level code execution. Documented in ZDI-23-1206 and ec...
CVE-2023-40493
LG Simple Editor is affected by a remote code execution through copySessionFolder Directory Traversal. The flaw arises from insufficient validation of a user-supplied path used in file operations, enabling an attacker to execute code in the SYSTEM context without authentication. Affected product:...
CVE-2023-40492
LG Simple Editor vulnerability (CVE-2023-40492) in deleteCheckSession: a directory traversal flaw allows remote attackers to delete arbitrary files without authentication, executing with SYSTEM privileges. Root cause is lack of validation of a user-supplied path before file operations. Connected ...
CVE-2023-40501
Summary: CVE-2023-40501 affects LG Simple Editor. The flaw is in the implementation of the copyContent command, caused by an exposed dangerous function, allowing remote attackers to execute code in the SYSTEM context with no authentication over the network. Multiple connected sources (ZDI advisor...
CVE-2023-40514
The CVE-2023-40514 issue affects LG Simple Editor, specifically the FileManagerController.getImageByFilename method, where a lack of validation for a user-supplied path enables directory traversal information disclosure. The vulnerability allows remote attackers to disclose sensitive information ...
CVE-2023-40508
LG Simple Editor exposes CVE-2023-40508: a Directory Traversal in putCanvasDB allows an unauthenticated attacker to delete arbitrary files, executing in SYSTEM context. The flaw stems from insufficient validation of a user-supplied path before file operations in putCanvasDB, with exploitation via...
CVE-2023-40516
CVE-2023-40516 affects LG Simple Editor. The issue is in the product installer which sets incorrect permissions on folders, enabling a local attacker with low privileges to escalate to SYSTEM and execute arbitrary code. Documents confirm local privilege escalation and do not provide patch/version...
CVE-2023-40495
CVE-2023-40495 affects LG Simple Editor. The vulnerability lies in the copyTemplateAll method, where a user-supplied path is not properly validated before file operations, enabling a directory traversal information disclosure in the SYSTEM context. Exploitation is possible remotely without authen...
CVE-2023-40497
CVE-2023-40497 – LG Simple Editor : The vulnerability lies in the saveXml command of the makeDetailContent method, where a user-supplied path is not properly validated before use in file operations. This directory traversal flaw allows an attacker to execute arbitrary code with SYSTEM privileges ...
CVE-2023-40499
LG Simple Editor contains a directory traversal vulnerability in the mkdir implementation of makeDetailContent that fails to validate a user-supplied path before file operations. This allows remote attackers to delete arbitrary files on the host in SYSTEM context, without authentication. Public d...
CVE-2023-40496
LG Simple Editor copyStickerContent Directory Traversal Information Disclosure vulnerability (CVE-2023-40496) allows remote attackers to disclose sensitive information without authentication. The flaw arises from insufficient validation of a user-supplied path in the copyStickerContent command, e...