{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2008-6592","title":"Title"},{"category":"description","text":"thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy \"no database\" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte).","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2008-6592","url":"https://www.suse.com/security/cve/CVE-2008-6592"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 498819 for CVE-2008-6592","url":"https://bugzilla.suse.com/498819"}],"title":"SUSE CVE CVE-2008-6592","tracking":{"current_release_date":"2025-07-03T00:33:08Z","generator":{"date":"2023-02-15T06:05:45Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2008-6592","initial_release_date":"2023-02-15T06:05:45Z","revision_history":[{"date":"2023-02-15T06:05:45Z","number":"2","summary":"Current version"},{"date":"2025-06-26T05:56:27Z","number":"3","summary":"Current version"},{"date":"2025-07-03T00:33:08Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}