
CVE-2018-17173 – LG Supersign EZ CMS - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17173
21 Sep 2018 — LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. LG SuperSign EZ CMS, which is built into many LG SuperSign TVs, is prone to a remote code execution vulnerability due to improper parameter handling. • https://packetstorm.news/files/id/152733 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2018-16288 – LG SuperSign EZ CMS 2.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2018-16288
14 Sep 2018 — LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://packetstorm.news/files/id/149437 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor