Lucene search

[email protected]CVE-2008-6593

HistoryApr 03, 2009 - 6:30 p.m.

CVE-2008-6593

2009-04-0318:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6593

sql injection

lightneasy

vulnerability

remote attackers

php code

comments.dat

index.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.

Affected configurations

NVD

Node

lightneasylightneasyMatch1.2.2no_database

sqlitesqliteMatch1.2.2

CPENameOperatorVersion
lightneasy:lightneasylightneasyeq1.2.2
sqlite:sqlitesqliteeq1.2.2

CPE	Name	Operator	Version
lightneasy:lightneasy	lightneasy	eq	1.2.2
sqlite:sqlite	sqlite	eq	1.2.2

References

secunia.com/advisories/29833

www.osvdb.org/44675

www.securityfocus.com/archive/1/491064/100/0/threaded

www.securityfocus.com/bid/28801

exchange.xforce.ibmcloud.com/vulnerabilities/42009

www.exploit-db.com/exploits/5452

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2008-6593

nvd5 prion5 cvelist5 cve4 ubuntucve2 debiancve2