Lg Simple Editor vulnerabilities
25 known vulnerabilities affecting lg/simple_editor.
Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL13HIGH9MEDIUM3
Vulnerabilities
Page 1 of 2
CVE-2023-40504P1CRITICALCVSS 9.8PoCv3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40504 [CRITICAL] CWE-78 CVE-2023-40504: LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerabi
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the readVideoInfo method. The issue results from the
nvd
CVE-2023-40498P1CRITICALCVSS 9.8PoCv3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40498 [CRITICAL] CWE-22 CVE-2023-40498: LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerabil
LG Simple Editor cp Command Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the cp command implemented in the makeDetailContent me
nvd
CVE-2023-40497P1CRITICALCVSS 9.8v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40497 [CRITICAL] CWE-22 CVE-2023-40497: LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability
LG Simple Editor saveXml Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the saveXml command implemented in the makeDetailContent
nvd
CVE-2023-40492P2CRITICALCVSS 9.1v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40492 [CRITICAL] CWE-22 CVE-2023-40492: LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This
LG Simple Editor deleteCheckSession Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the deleteCheckSession method. The issue resu
nvd
CVE-2023-40494P2CRITICALCVSS 9.1v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40494 [CRITICAL] CWE-22 CVE-2023-40494: LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulner
LG Simple Editor deleteFolder Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the deleteFolder method. The issue results from th
nvd
CVE-2023-40502P2CRITICALCVSS 9.1v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40502 [CRITICAL] CWE-22 CVE-2023-40502: LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerabi
LG Simple Editor cropImage Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the cropImage command. The issu
nvd
CVE-2023-40495P2HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40495 [HIGH] CWE-22 CVE-2023-40495: LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vuln
LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the copyTemplateAll method. The issue result
nvd
CVE-2023-40496P2HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40496 [HIGH] CWE-22 CVE-2023-40496: LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This v
LG Simple Editor copyStickerContent Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the copyStickerCont
nvd
CVE-2023-40493P2CRITICALCVSS 9.8v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40493 [CRITICAL] CWE-22 CVE-2023-40493: LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vul
LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the copySessionFolder com
nvd
CVE-2023-40505P2CRITICALCVSS 9.8v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40505 [CRITICAL] CWE-78 CVE-2023-40505: LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This
LG Simple Editor createThumbnailByMovie Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the createThumbnailByMovie method. The issue
nvd
CVE-2023-40500P2CRITICALCVSS 9.8v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40500 [CRITICAL] CWE-749 CVE-2023-40500: LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vu
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the copyContent command
nvd
CVE-2023-40501P2CRITICALCVSS 9.8v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40501 [CRITICAL] CWE-749 CVE-2023-40501: LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vu
LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the copyContent command
nvd
CVE-2023-40509P2CRITICALCVSS 9.1v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40509 [CRITICAL] CWE-22 CVE-2023-40509: LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulner
LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the deleteCanvas method. The issue results from th
nvd
CVE-2023-40508P2CRITICALCVSS 9.1v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40508 [CRITICAL] CWE-22 CVE-2023-40508: LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnera
LG Simple Editor putCanvasDB Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the putCanvasDB method. The issue results from the
nvd
CVE-2023-40499P2CRITICALCVSS 9.1v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40499 [CRITICAL] CWE-22 CVE-2023-40499: LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability
LG Simple Editor mkdir Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the mkdir command implemented in the makeDetailContent me
nvd
CVE-2023-40510P3HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40510 [HIGH] CWE-200 CVE-2023-40510: LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows rem
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the getServerSetting method. The issue results from the exposure of plai
nvd
CVE-2023-40511P3HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40511 [HIGH] CWE-200 CVE-2023-40511: LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote a
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the checkServer method. The issue results from the exposure of plaintext cred
nvd
CVE-2023-40507P3HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40507 [HIGH] CWE-611 CVE-2023-40507: LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. Th
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the copyConten
nvd
CVE-2023-40506P3HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40506 [HIGH] CWE-611 CVE-2023-40506: LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. Th
LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the copyConten
nvd
CVE-2023-40503P3HIGHCVSS 7.5v3.21.0vLG Simple Editor 3.21.02024-05-03
CVE-2023-40503 [HIGH] CWE-611 CVE-2023-40503: LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. Th
LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the saveXmlFile method. Due to the i
nvd
1 / 2Next →