Directory traversal

2009-04-0318:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy “no database” (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

CPENameOperatorVersion
lightneasyeq1.2.2 no-database
sqliteeq1.2.2

CPE	Name	Operator	Version
	lightneasy	eq	1.2.2 no-database
	sqlite	eq	1.2.2

References

secunia.com/advisories/29833

www.osvdb.org/44674

www.securityfocus.com/archive/1/491064/100/0/threaded

www.securityfocus.com/bid/28801

exchange.xforce.ibmcloud.com/vulnerabilities/49851

www.exploit-db.com/exploits/5452