Description

Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.

Remediation

References

CVE-2008-6590

Related Vulnerabilities

WordPress Plugin CiviCRM Multiple Vulnerabilities (5.28.0)

MySQL CVE-2012-0113 Vulnerability (CVE-2012-0113)

Oracle JRE CVE-2013-0423 Vulnerability (CVE-2013-0423)

WordPress Plugin Count per Day Arbitrary File Download and Cross-Site Scripting Vulnerabilities (3.1)

WordPress Plugin Tera Charts Multiple Local File Inclusion Vulnerabilities (0.1)

Severity

Medium

Classification

CVE-2008-6590 CWE-22

Tags

Missing Update Known Vulnerabilities