CVE-2008-6537

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
Configurations

Configuration 1 (hide)

cpe:2.3:a:lightneasy:lightneasy:1.2:*:no_database:*:*:*:*:*

History

21 Nov 2024, 00:56

Type Values Removed Values Added
References () http://osvdb.org/44397 - () http://osvdb.org/44397 -
References () http://secunia.com/advisories/29757 - Vendor Advisory () http://secunia.com/advisories/29757 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/41768 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/41768 -
References () https://www.exploit-db.com/exploits/5425 - () https://www.exploit-db.com/exploits/5425 -

Information

Published : 2009-03-30 01:30

Updated : 2024-11-21 00:56


NVD link : CVE-2008-6537

Mitre link : CVE-2008-6537

CVE.ORG link : CVE-2008-6537


JSON object : View

Products Affected

lightneasy

  • lightneasy
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor