CVE-2018-16288
published 2018-09-14

CVE-2018-16288: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

Priority: P2 · 69 · high
CVSS 3.0: 8.6 (AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:N / A:N)
Exploit: available
EPSS: 35.26% (98.2th percentile)

Affected (1 range)

Vendor: lg
Product: supersign_cms
Version range: -
Fixed in: -

Detection & IOCs (extracted from sources)

url: /signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd
port: 9080
path: /signEzUI/playlist/edit/upload/..%2f
  • Detect unauthenticated HTTP GET requests to the vulnerable LFI path on port 9080 containing path traversal sequences (..%2f) targeting /signEzUI/playlist/edit/upload/
  • No authentication is required to exploit this LFI; alert on any request to the vulnerable path regardless of session/auth headers
  • A successful exploitation response will contain Unix passwd file content matching root:.*:0:0: with HTTP 200 status
  • The exploit was tested specifically against webOS 4.0; behavior on other versions may differ
  • The vulnerable service listens on port 9080; ensure network monitoring covers this non-standard HTTP port
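The detection rules above applied to constructed access-log lines, as an added example that is not part of this record or of any vendor tooling; the log line format, the 10.0.0.5 host, and the VULN_PATH / VULN_PORT names are assumptions:

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (host:port method path status); not real traffic.
SAMPLE_LOG = """\
10.0.0.5:9080 GET /signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd 200
10.0.0.5:9080 GET /signEzUI/playlist/edit/upload/logo.png 200
10.0.0.5:9080 GET /signEzUI/playlist/edit/upload/%2e%2e%2f%2e%2e%2fetc/passwd 404
10.0.0.5:443 GET /signEzUI/playlist/edit/upload/..%2f..%2fetc/passwd 200
"""

VULN_PATH = "/signEzUI/playlist/edit/upload/"   # assumed name for the path from the record
VULN_PORT = "9080"                              # assumed name for the port from the record
LINE_RE = re.compile(r"^(?P<host>\S+):(?P<port>\d+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3})$")
# The record's indicator for a successful read: a passwd root entry in the response body.
PASSWD_RE = re.compile(r"root:.*:0:0:")


def decode_path(path):
    """URL-decode twice so ..%2f and double-encoded variants such as ..%252f both become ../"""
    return unquote(unquote(path))


def is_traversal_request(port, path):
    """Flag any request to the upload endpoint on 9080 whose decoded path climbs with ../
    Authentication headers are deliberately ignored, since none are needed to exploit."""
    if port != VULN_PORT:
        return False
    decoded = decode_path(path)
    if not decoded.startswith(VULN_PATH):
        return False
    return "../" in decoded or "..\\" in decoded


def scan_log(text):
    """Return (line_number, decoded_path, status) for every matching request, any status."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m and is_traversal_request(m["port"], m["path"]):
            hits.append((n, decode_path(m["path"]), m["status"]))
    return hits


def confirms_file_read(status, body):
    """True only for a 200 response whose body carries a root passwd entry."""
    return status == "200" and PASSWD_RE.search(body) is not None
```

Lines 1 and 3 of the sample are reported (the 404 attempt still matters for alerting); line 4 is not, because the request did not reach port 9080.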

CVSS provenance

NVD, CVSS v3.0: 8.6 HIGH, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
NVD, CVSS v2.0: 7.8 HIGH, vector AV:N/AC:L/Au:N/C:C/I:N/A:N