Vulnerability Name: CVE-2008-6592 (CCN-49851)
Assigned: 2008-04-11
Published: 2008-04-11
Updated: 2018-10-11
Summary: thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
CVSS v3 Severity:
  6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-22
Vulnerability Consequences: File Manipulation
References:
  Source: MITRE Type: CNA CVE-2008-6592
  Source: CCN Type: SA29833 LightNEasy Multiple Vulnerabilities
  Source: SECUNIA Type: Vendor Advisory 29833
  Source: CCN Type: LightNEasy Web site LightNEasy - Home
  Source: OSVDB Type: Exploit 44674
  Source: CCN Type: OSVDB ID: 44674 LightNEasy LightNEasy/thumbsup.php Multiple Variable Arbitrary File Manipulation
  Source: BUGTRAQ Type: UNKNOWN 20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities
  Source: BID Type: UNKNOWN 28801
  Source: CCN Type: BID-28801 LightNEasy Multiple Input Validation Vulnerabilities
  Source: XF Type: UNKNOWN lightneasy-thumbsup-file-manipulation(49851)
  Source: CCN Type: milw0rm.com [2008-04-10] LightNEasy 1.2 (no database) Remote Hash Retrieve Exploit
  Source: EXPLOIT-DB Type: UNKNOWN 5452
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable