Description
Multiple directory traversal vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to read arbitrary files via a .. (dot dot) in the page parameter to (1) index.php and (2) LightNEasy.php.
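A detection sketch for the issue described above, added here as an example and not part of the original advisory or the LightNEasy code base: it flags access-log requests to the two named scripts whose page parameter contains a `..` path segment. The Apache-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts named in the advisory, compared case-insensitively.
TARGET_SCRIPTS = {"index.php", "lightneasy.php"}
# Assumed access-log layout: the request line appears in double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_dot_dot(value):
    """True if any segment of the decoded value is exactly '..'."""
    # Split on both separators: '/' and the Windows-style backslash.
    return ".." in re.split(r"[\\/]", fully_decode(value))

def is_traversal_request(log_line):
    """Flag a request to a target script whose 'page' parameter has a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in TARGET_SCRIPTS:
        return False
    # parse_qs decodes once; has_dot_dot handles any further encoding layers.
    pages = parse_qs(url.query, keep_blank_values=True).get("page", [])
    return any(has_dot_dot(p) for p in pages)

def scan(lines):
    """Return the log lines that match the traversal pattern."""
    return [line for line in lines if is_traversal_request(line)]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=../../../etc/passwd HTTP/1.1" 200 1840',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /cms/LightNEasy.php?page=..%2F..%2Fdata%2Fusers HTTP/1.1" 200 97',
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /LightNEasy.php?page=%252e%252e%252fconfig HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?page=news..2024 HTTP/1.1" 200 733',
    '203.0.113.5 - - [01/Jan/2024:10:02:10 +0000] "GET /other.php?page=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in a standard access log, so this check only covers values passed in the query string.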