Path traversal in Simple Editor - CVE-2023-40498
Published: August 25, 2023 / Updated: September 7, 2023
Vulnerability identifier: #VU79988
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2023-40498
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: LG Electronics
Affected software:
Simple Editor
Simple Editor
Detailed vulnerability description
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the cp command implemented in the makeDetailContent method. A remote attacker can send a specially crafted HTTP request and copy files to an arbitrary location on the system.
Successful exploitation of the vulnerability may allows an attacker to compromise the affected system.
How to mitigate CVE-2023-40498
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.