CVE-2008-6592: Path Traversal
First published: Fri Apr 03 2009(Updated: )
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lightneasy | =1.2.2 | |
| SQLite | =1.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-6592?
CVE-2008-6592 is considered a critical vulnerability due to its capability to allow remote attackers to read and manipulate arbitrary files.
How do I fix CVE-2008-6592?
To fix CVE-2008-6592, you should upgrade to a patched version of Thumbs-Up or implement input validation to sanitize parameters used in file paths.
Which software versions are affected by CVE-2008-6592?
CVE-2008-6592 affects Thumbs-Up 1.12 and earlier, as well as SQLite 1.2.2 and earlier.
What type of attack does CVE-2008-6592 exploit?
CVE-2008-6592 exploits directory traversal sequences to access files outside of the intended directory.
Can CVE-2008-6592 lead to data breaches?
Yes, CVE-2008-6592 can potentially lead to data breaches by exposing sensitive files to unauthorized users.
- agent/references
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/lightneasy
- canonical/lightneasy
- version/lightneasy/1.2.2
- vendor/sqlite
- canonical/sqlite
- version/sqlite/1.2.2