CVE-2008-5127

Ocean12 Technologies Contact Manager - Access Control

Title source: rule

Description

Ocean12 Contact Manager Pro 1.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12con.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pouya_Server · textwebappsphp

https://www.exploit-db.com/exploits/7244

View Code ZIP pw:eip

References (4)

[Various Sources] http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt

[Vendor Advisory] http://secunia.com/advisories/32409

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46133

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7244

Scores

EPSS 0.0042

EPSS Percentile 61.5%

Classification

CWE

CWE-264

Status draft

Affected Products (1)

ocean12_technologies/contact_manager

Timeline

Published Nov 18, 2008

Tracked Since Feb 18, 2026