CVE-2023-40506 in Simple Editorالمعلومات

الملخص

بحسب MITRE • 03/05/2024

LG Simple Editor copyContent XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the copyContent command. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. . Was ZDI-CAN-20005.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

حجز

14/08/2023

إفشاء

03/05/2024

الاعتدال

تمت الموافقة

إدخال

VDB-237991

EPSS

0.01271

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!