CVE-2008-6592
LightNEasy - Path Traversal and Arbitrary File Access via thumbsup.php Image Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-6592. PoCs published by girex.
AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in LightNEasy CMS <= 1.2.2, including remote file disclosure, arbitrary file copy/rename, remote command execution via PHP injection, and SQL injection. The PoC provides clear steps and endpoints for exploitation.
Description
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).