CVE-2008-6592

Sažetak

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

Reference

http://secunia.com/advisories/29833
http://www.osvdb.org/44674
http://www.securityfocus.com/archive/1/491064/100/0/threaded
http://www.securityfocus.com/bid/28801
https://exchange.xforce.ibmcloud.com/vulnerabilities/49851
https://www.exploit-db.com/exploits/5452

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2018 - 20:57

Objavljeno

03-04-2009 - 18:30