CVSS: 9.8EPSS: 87%CPEs: 1EXPL: 3CVE-2018-17173 – LG Supersign EZ CMS - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-17173
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. LG SuperSign CMS permite que los atacantes remotos ejecuten código arbitrario mediante el parámetro sourceUri en qsr_server/device/getThumbnail. LG SuperSign EZ CMS, that many LG SuperSign TVs have built-in, is prone to a remote code execution vulnerability due to an improper parameter handling. • https://www.exploit-db.com/exploits/46795 https://www.exploit-db.com/exploits/45448 http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html http://packetstormsecurity.com/files/152733/LG-Supersign-EZ-CMS-Remote-Code-Execution.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.6EPSS: 10%CPEs: 1EXPL: 2CVE-2018-16288 – LG SuperSign EZ CMS 2.5 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2018-16288
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs. LG SuperSign CMS permite la lectura de archivos arbitrarios mediante los URI signEzUI playlist edit upload ..%2f. LG SuperSign EZ CMS version 2.5 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/45440 http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •