CVE-2008-6591

LightNEasy 1.2.2 - Arbitrary File Creation via Page Parameter

Title source: llm
STIX 2.1

Description

LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491064/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29833
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/44678
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/44679
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28839

Scores

EPSS 0.0127
EPSS Percentile 66.3%

Details

CWE
CWE-94
Status published
Products (1)
lightneasy/lightneasy 1.2.2 (2 CPE variants)
Published Apr 03, 2009
Tracked Since Feb 18, 2026