← back
CVE-2008-6592

CVE-2008-6592

EPSS 2.9%
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/5452unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/29833https://exchange.xforce.ibmcloud.com/vulnerabilities/49851https://www.exploit-db.com/exploits/5452http://www.osvdb.org/44674http://www.securityfocus.com/archive/1/491064/100/0/threadedhttp://www.securityfocus.com/bid/28801