Lucene search

[email protected]CVE-2008-6592

HistoryApr 03, 2009 - 6:30 p.m.

CVE-2008-6592

2009-04-0318:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-6592

thumbs-up

directory traversal

remote attack

file manipulation

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy “no database” (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

Affected configurations

NVD

Node

lightneasylightneasyMatch1.2.2no_database

sqlitesqliteMatch1.2.2

CPENameOperatorVersion
lightneasy:lightneasylightneasyeq1.2.2
sqlite:sqlitesqliteeq1.2.2

CPE	Name	Operator	Version
lightneasy:lightneasy	lightneasy	eq	1.2.2
sqlite:sqlite	sqlite	eq	1.2.2

References

secunia.com/advisories/29833

www.osvdb.org/44674

www.securityfocus.com/archive/1/491064/100/0/threaded

www.securityfocus.com/bid/28801

exchange.xforce.ibmcloud.com/vulnerabilities/49851

www.exploit-db.com/exploits/5452

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2008-6592

cvelist1 nvd1 prion1