Lightneasy

Lightneasy

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2011-3978

Exploit
  • EPSS 0.35%
  • Veröffentlicht 04.10.2011 10:55:11
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomm...

6

CVE-2010-4751

  • EPSS 0.15%
  • Veröffentlicht 01.03.2011 22:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-659...

6.8

CVE-2010-4752

  • EPSS 0.16%
  • Veröffentlicht 01.03.2011 22:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010...

4.3

CVE-2010-4753

  • EPSS 0.3%
  • Veröffentlicht 01.03.2011 22:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message.

7.5

CVE-2010-3484

Exploit
  • EPSS 0.52%
  • Veröffentlicht 22.09.2010 20:00:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.

7.5

CVE-2010-3485

  • EPSS 0.39%
  • Veröffentlicht 22.09.2010 20:00:10
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is u...

4.3

CVE-2009-1937

  • EPSS 0.29%
  • Veröffentlicht 05.06.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemai...

4.3

CVE-2008-6589

Exploit
  • EPSS 0.52%
  • Veröffentlicht 03.04.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2)...

5

CVE-2008-6590

Exploit
  • EPSS 2.67%
  • Veröffentlicht 03.04.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) Lig...

5

CVE-2008-6591

Exploit
  • EPSS 0.36%
  • Veröffentlicht 03.04.2009 18:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.