← back
CVE-2008-6537

CVE-2008-6537

EPSS 6.3%
LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows remote attackers to obtain the hash of the administrator password via the setup "do" action to LightNEasy.php, which is cleared from $_GET but later accessed using $_REQUEST.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/5425unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/44397http://secunia.com/advisories/29757https://exchange.xforce.ibmcloud.com/vulnerabilities/41768https://www.exploit-db.com/exploits/5425