Description
thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Symposium SQL Injection (15.5.1)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)
SharePoint Improper Privilege Management Vulnerability (CVE-2021-1712)
Zope Web Application Server Other Vulnerability (CVE-2000-0725)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17303)