PT-2010-4853 · Lightneasy · Lightneasy
Publicado
2010-09-22
·
Atualizado
2010-09-23
·
CVE-2010-3485
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
LightNEasy version 3.2.1
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
userhandle cookie to "LightNEasy.php".Recommendations
For version 3.2.1, consider restricting access to the
userhandle cookie to minimize the risk of exploitation. As a temporary workaround, avoid using the userhandle cookie in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
RCE
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Lightneasy