Unrated severityNVD Advisory· Published Apr 3, 2009· Updated Apr 23, 2026

CVE-2008-6592

Description

thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).

Affected products

Lightneasy/Lightneasy
cpe:2.3:a:lightneasy:lightneasy:1.2.2:*:no_database:*:*:*:*:*
SQLite/SQLite
cpe:2.3:a:sqlite:sqlite:1.2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.osvdb.org/44674nvdExploit
secunia.com/advisories/29833nvdVendor Advisory
www.securityfocus.com/archive/1/491064/100/0/threadednvd
www.securityfocus.com/bid/28801nvd
exchange.xforce.ibmcloud.com/vulnerabilities/49851nvd
www.exploit-db.com/exploits/5452nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000