« List of all CVEs

CVE-2008-6592

Published: 4/3/2009 Last updated: 8/7/2024 Reserved: 4/3/2009

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (4)

conf-mingw-w64-sqlite3-i686 conf-mingw-w64-sqlite3-x86_64 conf-sqlite3 lemonade-sqlite

Products affected (1)

Product Vendor Version
n/a n/a 2013 RT Service Pack 1

References (12)