Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3484 — SQL Injection in Lightneasy

CWE-89 — SQL Injection10 documents6 sources

Severity

7.5HIGHNVD

NVD6.8NVD6.0

EPSS

0.5%

top 33.14%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Osgeo Mapserver Debian Mapserver Lightneasy

Timeline

PublishedSep 22

Latest updateMay 17

Description

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDlightneasy/lightneasy3.2.1

▶debiandebian/mapserver< mapserver 5.6.4-1 (bookworm)

▶Debianosgeo/mapserver< 5.6.4-1+3

🔴Vulnerability Details

GHSA

GHSA-f4hr-f9q4-xw2j: SQL injection vulnerability in LightNEasy↗2022-05-17

▶

GHSA

GHSA-8vff-xvp2-m6wp: SQL injection vulnerability in LightNEasy↗2022-05-17

▶

GHSA

GHSA-f9p4-g655-vc43: SQL injection vulnerability in common↗2022-05-17

▶

OSV

CVE-2010-3484: SQL injection vulnerability in common↗2010-09-22

▶

💥Exploits & PoCs

Exploit-DB

LightNEasy CMS 3.2.1 - Blind SQL Injection↗2010-09-20

▶

📋Vendor Advisories

Debian

CVE-2010-3484: mapserver - SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote atta...↗2010

▶

💬Community

Bugzilla

CVE-2010-2539 MapServer: Buffer overflow by generating unique temporary filename(s) (Trac#3484)↗2010-07-22

▶