CVE-2023-27652

Published: Apr 20, 2023Modified: Feb 5, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file.

Affected (2)

Products: Egostudiogroup: Super Clean

Egostudiogroup

1 product

Super Clean

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Egostudiogroup Super Clean	Version 1.1.5
Egostudiogroup Super Clean	Version 1.1.9

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

http://www.egostudiogroup.com/

Source: cve@mitre.org

Product

https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download

Source: cve@mitre.org

Product

https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27652/CVE%20detail.md

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.egostudiogroup.com/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://apkpure.com/cn/super-clean-phone-cleaner/com.egostudio.clean/download

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/LianKee/SODA/blob/main/CVEs/CVE-2023-27652/CVE%20detail.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.