SB2023082511 - Multiple vulnerabilities in LG Simple Editor
Published: August 25, 2023 Updated: August 14, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 25 secuirty vulnerabilities.
1) XML External Entity injection (CVE-ID: CVE-2023-40503)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the saveXmlFile method. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
2) Incorrect default permissions (CVE-ID: CVE-2023-40516)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the product installer. A local user with access to the system can view contents of files and directories or modify them.
3) Exposed dangerous method or function (CVE-ID: CVE-2023-40501)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure implementation of the copyContent command. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the system.
4) Path traversal (CVE-ID: CVE-2023-40512)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the getImageByFilename method in the PlayerController class. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
5) Improper Authentication (CVE-ID: CVE-2023-40511)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error within the checkServer method. A remote attacker can bypass authentication process and gain unauthorized access to the application.
6) Improper Authentication (CVE-ID: CVE-2023-40510)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error within the getServerSetting method. A remote attacker can bypass authentication process and gain unauthorized access to the application.
7) Path traversal (CVE-ID: CVE-2023-40509)
The vulnerability allows a remote attacker to delete arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the deleteCanvas method. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
8) Path traversal (CVE-ID: CVE-2023-40508)
The vulnerability allows a remote attacker to delete arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the putCanvasDB method. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
9) XML External Entity injection (CVE-ID: CVE-2023-40507)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the implementation of the copyContent command. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
10) XML External Entity injection (CVE-ID: CVE-2023-40506)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input within the implementation of the copyContent command. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
11) OS Command Injection (CVE-ID: CVE-2023-40505)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the createThumbnailByMovie method. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) OS Command Injection (CVE-ID: CVE-2023-40504)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the readVideoInfo method. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Exposed dangerous method or function (CVE-ID: CVE-2023-40500)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insecure implementation within the implementation of the copyContent command. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the system.
14) Path traversal (CVE-ID: CVE-2023-40502)
The vulnerability allows a remote attacker to delete arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the implementation of the cropImage command. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
15) Path traversal (CVE-ID: CVE-2023-40499)
The vulnerability allows a remote attacker to delete arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the mkdir command implemented in the makeDetailContent method. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
16) Path traversal (CVE-ID: CVE-2023-40498)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the cp command implemented in the makeDetailContent method. A remote attacker can send a specially crafted HTTP request and copy files to an arbitrary location on the system.
Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.
17) Path traversal (CVE-ID: CVE-2023-40497)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the saveXml command implemented in the makeDetailContent method. A remote attacker can send a specially crafted HTTP request and overwrite arbitrary files on the system.
18) Path traversal (CVE-ID: CVE-2023-40496)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the implementation of the copyStickerContent command. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
19) Path traversal (CVE-ID: CVE-2023-40495)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the copyTemplateAll method. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
20) Path traversal (CVE-ID: CVE-2023-40494)
The vulnerability allows a remote attacker to delete arbitrary files on the server.
The vulnerability exists due to input validation error when processing directory traversal sequences within the deleteFolder method. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
21) Path traversal (CVE-ID: CVE-2023-40493)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the implementation of the copySessionFolder command. A remote attacker can send a specially crafted HTTP request and compromise the affected system.
22) Path traversal (CVE-ID: CVE-2023-40492)
The vulnerability allows a remote attacker to delete arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the deleteCheckSession method. A remote attacker can send a specially crafted HTTP request and delete arbitrary files on the system.
23) Input validation error (CVE-ID: CVE-2023-40515)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the joinAddUser method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
24) Path traversal (CVE-ID: CVE-2023-40514)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the getImageByFilename method in the FileManagerController class. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
25) Path traversal (CVE-ID: CVE-2023-40513)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the getImageByFilename method in the UserManageController class. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- https://www.zerodayinitiative.com/advisories/ZDI-23-1207/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1218/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1217/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1216/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1215/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1214/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1213/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1212/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1211/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1210/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1209/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1208/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1206/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1194/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1205/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1204/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1203/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1202/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1201/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1200/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1199/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1198/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1197/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1196/
- https://www.zerodayinitiative.com/advisories/ZDI-23-1195/