Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2008-6592
- EPSS 3.89%
- Published 03.04.2009 18:30:00
- Last modified 09.04.2025 00:30:58
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified ca...
7.5
CVE-2008-6593
- EPSS 0.37%
- Published 03.04.2009 18:30:00
- Last modified 09.04.2025 00:30:58
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
- EPSS 3.16%
- Published 30.03.2009 01:30:00
- Last modified 09.04.2025 00:30:58
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.