VDB
CVE-2008-6592
CVE-2008-6592
PUBLISHED
CVSS 7.5 HIGH
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
EPSS 7.03% · 91.6th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
7.03%
91.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sqlite | sqlite | 1.2.2 |
| lightneasy | lightneasy | 1.2.2 |
| n/a | n/a | n/a |
Exploit Intelligence
- CIRCL confirmed: CVE-2008-6592 (circl-sighting)
- 28801 (circl)
- 20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities (circl)
- 29833 (circl)
- lightneasy-thumbsup-file-manipulation(49851) (circl)
- http://www.osvdb.org/44674 (vulncheck-nvd)
- 5452 (cve.org)
Timeline
- Apr 15, 2008 PoC Published
- Apr 3, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11055&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11050&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11079&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11053&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11059&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11049&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11046&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11048&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11057&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11062&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11056&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11045&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11058&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11047&cat=SIRT_1&actp=LIST advisory
- 28801 vdb
- 20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities mailing-list
- 44674 vdb
- 29833 third-party-advisory
- 5452 exploit
…and 2 more