Page 2 of 8 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits. LG SuperSign CMS permite la omisión de la autenticación debido a que se salta el requisito de CAPTCHA si se envía una cookie captcha:pass, y también debido a que el PIN se limita a 4 dígitos. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-287: Improper Authentication •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la subida de archivos mediante los URI signEzUI playlist edit upload ..%2f. • http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.6EPSS: 10%CPEs: 1EXPL: 2

LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la lectura de archivos arbitrarios mediante los URI signEzUI playlist edit upload ..%2f. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/45440 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •