Alejandro Fanjul

3 exploits Active since Sep 2018
CVE-2018-16288 EXPLOITDB HIGH python WORKING POC
LG SuperSign CMS - Unauthenticated Arbitrary File Read via signEzUI Playlist Upload Path Traversal
LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
CVSS 8.6
CVE-2018-17173 EXPLOITDB CRITICAL python WORKING POC
LG SuperSign CMS - Remote Code Execution via sourceUri Parameter
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVSS 9.8
CVE-2018-17173 EXPLOITDB CRITICAL ruby WORKING POC
LG SuperSign CMS - Remote Code Execution via sourceUri Parameter
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVSS 9.8