CVE-2010-4751 Information

Description

SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1 when magic_quotes_gpc is disabled allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action a different vector than CVE-2008-6593 CVE-2010-3484 and CVE-2010-3485.

Reference

http://holisticinfosec.org/content/view/168/45/ http://secunia.com/advisories/42391 http://www.lightneasy.org/punbb/viewtopic.php?id=1207 http://www.securityfocus.com/bid/45230 https://exchange.xforce.ibmcloud.com/vulnerabilities/63723