CVE-2008-6537

Published: Mar 30, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.

Affected (1)

Products: Lightneasy: Lightneasy

Lightneasy

1 product

Lightneasy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lightneasy Lightneasy	Version 1.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://osvdb.org/44397

Source: cve@mitre.org

http://secunia.com/advisories/29757

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/41768

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5425

Source: cve@mitre.org

http://osvdb.org/44397

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29757

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/41768

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5425

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.