Vulnerabilities > Lightneasy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-03 | CVE-2008-6590 | Path Traversal vulnerability in multiple products Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. | 5.0 |
2009-04-03 | CVE-2008-6589 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php. | 4.3 |
2009-03-30 | CVE-2008-6537 | Information Exposure vulnerability in Lightneasy 1.2 LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST. | 5.0 |