Vulnerability CVE-2008-6591


Published: 2009-04-03   Modified: 2012-02-12

Description:
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.

See advisories in our WLB2 database:
Topic
Author
Date
Low
LightNEasy v.1.2.2 flat Multiple Vulnerabilities
Gerendi Sandor A...
08.04.2009

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Lightneasy -> Lightneasy 

 References:
http://www.securityfocus.com/archive/1/491064/100/0/threaded
http://www.securityfocus.com/bid/28839

Copyright 2024, cxsecurity.com

 

Back to Top