Vulnerability Details CVE-2008-6592
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.039
EPSS Ranking 87.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/29833
- http://www.osvdb.org/44674
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.securityfocus.com/bid/28801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
- https://www.exploit-db.com/exploits/5452
- http://secunia.com/advisories/29833
- http://www.osvdb.org/44674
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.securityfocus.com/bid/28801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
- https://www.exploit-db.com/exploits/5452
Products affected by CVE-2008-6592
-
cpe:2.3:a:lightneasy:lightneasy:1.2.2
-
cpe:2.3:a:sqlite:sqlite:1.2.2