Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3485 — SQL Injection in Lightneasy

CWE-89 — SQL Injection10 documents6 sources

Severity

7.5HIGHNVD

NVD6.8NVD6.0

EPSS

0.4%

top 40.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Osgeo Mapserver Debian Mapserver Lightneasy

Timeline

PublishedSep 22

Latest updateMay 17

Description

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDlightneasy/lightneasy3.2.1

▶debiandebian/mapserver< mapserver 5.6.4-1 (bookworm)

▶Debianosgeo/mapserver< 5.6.4-1+3

🔴Vulnerability Details

GHSA

GHSA-x7hq-3wxf-fwcv: SQL injection vulnerability in common↗2022-05-17

▶

GHSA

GHSA-f4hr-f9q4-xw2j: SQL injection vulnerability in LightNEasy↗2022-05-17

▶

GHSA

GHSA-8vff-xvp2-m6wp: SQL injection vulnerability in LightNEasy↗2022-05-17

▶

OSV

CVE-2010-3485: SQL injection vulnerability in common↗2010-09-22

▶

💥Exploits & PoCs

Exploit-DB

LightNEasy CMS 3.2.1 - Blind SQL Injection↗2010-09-20

▶

📋Vendor Advisories

Debian

CVE-2010-3485: mapserver - SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote atta...↗2010

▶

💬Community

Bugzilla

CVE-2010-2540 MapServer: Disable insecure mapserv CGI command-line debug args (Trac#3485)↗2010-07-22

▶