CVE-2008-6592

2009-04-0318:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy “no database” (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

References

secunia.com/advisories/29833

www.osvdb.org/44674

www.securityfocus.com/archive/1/491064/100/0/threaded

www.securityfocus.com/bid/28801

exchange.xforce.ibmcloud.com/vulnerabilities/49851

www.exploit-db.com/exploits/5452