Vulnerability Details CVE-2008-6592
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.05
EPSS Ranking 89.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/29833
- http://www.osvdb.org/44674
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.securityfocus.com/bid/28801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
- https://www.exploit-db.com/exploits/5452
- http://secunia.com/advisories/29833
- http://www.osvdb.org/44674
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.securityfocus.com/bid/28801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
- https://www.exploit-db.com/exploits/5452
Products affected by CVE-2008-6592
-
cpe:2.3:a:lightneasy:lightneasy:1.2.2
-
cpe:2.3:a:sqlite:sqlite:1.2.2