## https://sploitus.com/exploit?id=SAINT:7C4224BAB9ED01CC5457EC67C832C7C1
Added: 05/23/2025
CVE: CVE-2025-4632
### Background
MagicINFO is digital signage software from Samsung.
### Problem
A path traversal, unsafe file upload, and missing authentication vulnerability allows remote, unauthenticated attackers to upload arbitrary files to the server and then execute them using an HTTP request, leading to command execution.
### Resolution
No fix was available at the time of this writing. Do not use the vulnerable software until a fix is available.
### References
https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/
### Limitations
After successful exploitation, the snt*.jsp files need to be removed from the MagicInfo folder.
### Platforms
Windows