Vulnerabilities > Lightneasy > Lightneasy > 3.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-01 | CVE-2010-4753 | Cross-Site Scripting vulnerability in Lightneasy 3.2.1 Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message. | 4.3 |
2011-03-01 | CVE-2010-4752 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. | 6.8 |
2011-03-01 | CVE-2010-4751 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. | 6.0 |
2010-09-22 | CVE-2010-3485 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
2010-09-22 | CVE-2010-3484 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |