CVE-2008-6592
N/A
N/A
Summary
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/28801
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.osvdb.org/44674
- http://secunia.com/advisories/29833
- https://www.exploit-db.com/exploits/5452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
References
- http://www.securityfocus.com/bid/28801
- http://www.securityfocus.com/archive/1/491064/100/0/threaded
- http://www.osvdb.org/44674
- http://secunia.com/advisories/29833
- https://www.exploit-db.com/exploits/5452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.