CVE-2008-6537

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lightneasy:lightneasy:1.2:*:no_database:*:*:*:*:*

History

No history.

Information

Published : 2009-03-30 01:30

Updated : 2024-02-28 11:21


NVD link : CVE-2008-6537

Mitre link : CVE-2008-6537

CVE.ORG link : CVE-2008-6537


JSON object : View

Products Affected

lightneasy

  • lightneasy
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor