CVE-2018-16286
https://notcve.org/view.php?id=CVE-2018-16286
LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-287: Improper Authentication
CVE-2018-16287
https://notcve.org/view.php?id=CVE-2018-16287
LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-16288 – LG SuperSign EZ CMS 2.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2018-16288
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/45440 • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor