Lucene search

[email protected]CVE-2008-6537

HistoryMar 30, 2009 - 1:30 a.m.

CVE-2008-6537

2009-03-3001:30:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2008-6537

lightneasy

security vulnerability

remote attack

password hash

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

91.1%

JSON

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup “do” action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.

CPENameOperatorVersion
lightneasy:lightneasylightneasyeq1.2

CPE	Name	Operator	Version
lightneasy:lightneasy	lightneasy	eq	1.2

References

osvdb.org/44397

secunia.com/advisories/29757

exchange.xforce.ibmcloud.com/vulnerabilities/41768

www.exploit-db.com/exploits/5425

7.6 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2008-6537

prion1 cvelist1