CVE-2023-40515 HIGH

CVE-2023-40515: LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability

Vendor Lg

Product Simple Editor

Weakness CWE-20 · Input validation

Published May 3, 2024

Last update September 18, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the joinAddUser method. The issue results from improper input validation. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. . Was ZDI-CAN-20048.

Key dates

02Disclosure timeline

May 3, 2024 CVE published

September 18, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-40515

Related vulnerabilities

CVE-2023-40515: LG Simple Editor joinAddUser Improper Input Validation Denial-of-Service Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE