Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-6592
Last Modified: 13 Jun 2009 01:29:44
Published: 03 Apr 2009 02:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-6592

Summary

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

Vulnerable Systems

Application

  • Lightneasy 1.2.2

  • Sqlite 1.2.2


References

XF - lightneasy-thumbsup-file-manipulation(49851)

BID - 28801

BUGTRAQ - 20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities

OSVDB - 44674

MILW0RM - 5452

SECUNIA - 29833


Last Updated: 27 May 2016 10:49:15