CVE-2008-6592 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-6592 Interim 1 3 2021-06-09T08:47:49Z current 2021-05-30T12:45:17Z 2021-06-09T08:47:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-6592 thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte). CVE-2008-6592 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P