CVE-2008-6537

Published: 30/03/2009 Updated: 29/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote malicious users to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
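
The pattern in the summary, shown as an added PHP example (not LightNEasy's own code): a guard that clears `$_GET['do']` has no effect on a dispatcher that reads `$_REQUEST['do']`, because PHP populates the two arrays separately at request start. The function names, the `PUBLIC_ACTIONS` list, the `$isAdmin` flag and the simulated request are assumptions for illustration.

```php
<?php
// Added example: simulates one unauthenticated request from the PHP CLI.
const PUBLIC_ACTIONS = ['login', 'sitemap'];

function simulate_request(array $query): void
{
    // PHP fills $_REQUEST as its own array when the request starts; it is
    // not a reference to $_GET, so later changes to $_GET do not reach it.
    $_GET = $query;
    $_REQUEST = $query;
}

// Pattern from the summary: the guard clears $_GET['do'],
// but the dispatcher reads the action from $_REQUEST['do'].
function vulnerable_dispatch(bool $isAdmin): ?string
{
    if (!in_array($_GET['do'] ?? null, PUBLIC_ACTIONS, true) && !$isAdmin) {
        unset($_GET['do']);
    }
    return $_REQUEST['do'] ?? null;   // still holds the original value
}

// Hardened form: read the parameter once, from one source, and dispatch
// only on the value that passed the check.
function hardened_dispatch(bool $isAdmin): ?string
{
    $do = $_GET['do'] ?? null;
    if (!is_string($do)) {
        return null;
    }
    if (in_array($do, PUBLIC_ACTIONS, true) || $isAdmin) {
        return $do;
    }
    return null;                      // privileged action refused
}

// Constructed request: an anonymous visitor asks for the "setup" action.
simulate_request(['do' => 'setup']);
printf("vulnerable: %s\n", var_export(vulnerable_dispatch(false), true));

simulate_request(['do' => 'setup']);
printf("hardened:   %s\n", var_export(hardened_dispatch(false), true));
```

The same review point applies to any code base that validates one superglobal and consumes another: grep for `$_REQUEST` reads of a key that is checked or unset only in `$_GET` or `$_POST`.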

Vulnerable Product

lightneasy lightneasy 1.2

Exploits

# Author: __GiReX__
# mySite: girex.altervista.org
# Date: 10/04/08
# CMS: LightNEasy 1.2 no database
# Site: lightneasy.org
# Bug: Hash Disclosure
# Exploit: Remote Hash Retrieve
# Bug Explanation: LightNEasy/lightneasy.php
if($_GET['do']!="login" && $_GET['do']!="sitemap" && $_SESSION[$set['password']] != "1") unset($_ ...