CVE-2023-40495
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-19922.
Vulnerabilidad de divulgación de información Directory Traversal de LG Simple Editor copyTemplateAll. Esta vulnerabilidad permite a atacantes remotos revelar información confidencial sobre las instalaciones afectadas de LG Simple Editor. No se requiere autenticación para aprovechar esta vulnerabilidad. La falla específica existe dentro del método copyTemplateAll. El problema se debe a la falta de validación adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para revelar información en el contexto de SYSTEM. Fue ZDI-CAN-19922.
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
. Was ZDI-CAN-19922.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the copyTemplateAll method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-08-14 CVE Reserved
- 2023-08-24 CVE Published
- 2024-05-03 EPSS Updated
- 2024-09-18 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-1201 | X_research Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
LG Search vendor "LG" | Simple Editor Search vendor "LG" for product "Simple Editor" | 3.21.0 Search vendor "LG" for product "Simple Editor" and version "3.21.0" | en |
Affected
|