#VU79988 Path traversal in Simple Editor - CVE-2023-40498
Published: August 25, 2023 / Updated: September 7, 2023
Vulnerability identifier: #VU79988
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-40498
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Simple Editor
Simple Editor
Software vendor:
LG Electronics
LG Electronics
Description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the cp command implemented in the makeDetailContent method. A remote attacker can send a specially crafted HTTP request and copy files to an arbitrary location on the system.
Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.