Lightneasy

lightneasy

Vendor: Lightneasy • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3978 1Lightneasy 1Lightneasy Apr 29, 2026 Oct 4, 2011 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) comme...Show more Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page.Show less
CVE-2010-4753 1Lightneasy 1Lightneasy Apr 29, 2026 Mar 1, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error mess...Show more Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message.Show less
CVE-2010-4752 1Lightneasy 1Lightneasy Apr 29, 2026 Mar 1, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-659...Show more SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2010-4751 1Lightneasy 1Lightneasy Apr 29, 2026 Mar 1, 2011 N/A· v4 N/A· v3 6.0 MEDIUM· v2 SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a diff...Show more SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.Show less
CVE-2010-3485 1Lightneasy 1Lightneasy Apr 29, 2026 Sep 22, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the prove...Show more SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2010-3484 1Lightneasy 1Lightneasy Apr 29, 2026 Sep 22, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.
CVE-2009-1937 1Lightneasy 1Lightneasy Apr 23, 2026 Jun 5, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname...Show more Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-6593 2Lightneasy Sqlite 2Lightneasy Sqlite Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
CVE-2008-6592 2Lightneasy Sqlite 2Lightneasy Sqlite Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the imag...Show more thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).Show less
CVE-2008-6591 1Lightneasy 1Lightneasy Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.
CVE-2008-6590 2Lightneasy Sqlite 2Lightneasy Sqlite Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page paramete...Show more Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.Show less
CVE-2008-6589 2Lightneasy Sqlite 2Lightneasy Sqlite Apr 23, 2026 Apr 3, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page para...Show more Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.Show less
CVE-2008-6537 1Lightneasy 1Lightneasy Apr 23, 2026 Mar 30, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later...Show more LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.Show less