← Retour aux CVEs
CVE-2008-6592
N/ADescription
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Details CVE
Score CVSS v3.1N/A
Publie4/3/2009
Derniere modification4/23/2026
Sourcenvd
Observations honeypot0
Produits affectes
lightneasy:lightneasysqlite:sqlite
Faiblesses (CWE)
CWE-22
References
http://secunia.com/advisories/29833(cve@mitre.org)
http://www.osvdb.org/44674(cve@mitre.org)
http://www.securityfocus.com/archive/1/491064/100/0/threaded(cve@mitre.org)
http://www.securityfocus.com/bid/28801(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49851(cve@mitre.org)
https://www.exploit-db.com/exploits/5452(cve@mitre.org)
http://secunia.com/advisories/29833(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/44674(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/491064/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28801(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49851(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/5452(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.