CVE-2008-6593

LightNEasy SQLite <= 1.2.2 - SQL Injection via dlid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6593. PoCs published by girex.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in LightNEasy CMS <= 1.2.2, including remote file disclosure, arbitrary file copy/rename, remote command execution via PHP injection, and SQL injection. The PoC provides clear steps and endpoints for exploitation.

Description

SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by girex · textwebappsphp

https://www.exploit-db.com/exploits/5452

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in LightNEasy CMS <= 1.2.2, including remote file disclosure, arbitrary file copy/rename, remote command execution via PHP injection, and SQL injection. The PoC provides clear steps and endpoints for exploitation.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: LightNEasy CMS <= 1.2.2 (SQLite/no database)

No auth needed

Prerequisites: magic_quotes_gpc = Off for some exploits · admin-created news for RCE · Thumbsup v1.12 included

MITRE ATT&CK