Vulnerabilities > Lightneasy > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-09-22 | CVE-2010-3485 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
| 2010-09-22 | CVE-2010-3484 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
| 2009-04-03 | CVE-2008-6593 | SQL Injection vulnerability in multiple products SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. | 7.5 |
| 2009-04-03 | CVE-2008-6592 | Path Traversal vulnerability in multiple products thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). | 7.5 |