thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and previous versions, allows remote malicious users to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Vulnerable Product |
---|
sqlite sqlite 1.2.2 |
lightneasy lightneasy 1.2.2 |
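
A detection sketch for the request pattern described above, added here as an example and not taken from Thumbs-Up, LightNEasy or the advisory. It flags web-server log entries for `thumbsup.php` whose `image` parameter contains a traversal sequence or whose `cache_dir` parameter contains a null byte. The log format, URL path, addresses and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (placeholder paths and addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /example/thumbsup.php?image=photos/cat.jpg&width=120 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /example/thumbsup.php?image=..%2F..%2Fexample.txt&cache_dir=out.txt%00 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /example/thumbsup.php?image=%252e%252e%255cx&cache_dir=thumbs HTTP/1.1" 200 0',
    '198.51.100.2 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?page=..%2Fabout HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path component, with either slash style
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return the reasons a log line matches the advisory's request pattern."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith('/thumbsup.php'):
        return []
    reasons = []
    # parse_qsl decodes once; fully_decode handles further encoding layers
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)
        if name == 'image' and TRAVERSAL_RE.search(value):
            reasons.append('traversal sequence in image')
        if name == 'cache_dir' and '\x00' in value:
            reasons.append('null byte in cache_dir')
    return reasons

def scan(lines):
    """Map line index -> reasons, for lines with at least one finding."""
    return {i: r for i, line in enumerate(lines) if (r := inspect_line(line))}

if __name__ == '__main__':
    for idx, why in scan(SAMPLE_LOG).items():
        print(idx, why)
```

The same two checks (reject `..` path components in `image`, reject null bytes in `cache_dir`) apply as input validation in front of the script as well as in log review.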