Vulnerability Description
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lightneasy | Lightneasy | 1.2.2 |
| Sqlite | Sqlite | 1.2.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29833Vendor Advisory
- http://www.osvdb.org/44674Exploit
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.securityfocus.com/bid/28801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
- https://www.exploit-db.com/exploits/5452
- http://secunia.com/advisories/29833Vendor Advisory
- http://www.osvdb.org/44674Exploit
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.securityfocus.com/bid/28801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
- https://www.exploit-db.com/exploits/5452
FAQ
What is CVE-2008-6592?
CVE-2008-6592 is a vulnerability with a CVSS score of 7.5 (HIGH). thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal s...
How severe is CVE-2008-6592?
CVE-2008-6592 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-6592?
Check the references section above for vendor advisories and patch information. Affected products include: Lightneasy Lightneasy, Sqlite Sqlite.