CVE-2008-6537

Lightneasy - Information Disclosure

Title source: rule

Description

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.

Exploits (1)

exploitdb WORKING POC VERIFIED

by girex · perlwebappsphp

https://www.exploit-db.com/exploits/5425

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41768

[Vendor Advisory] http://secunia.com/advisories/29757

[Third Party Advisory, VDB Entry] http://osvdb.org/44397

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5425

Scores

EPSS 0.0352

EPSS Percentile 87.7%

Details

CWE

CWE-200

Status published

Products (1)

lightneasy/lightneasy 1.2

Published Mar 30, 2009

Tracked Since Feb 18, 2026