CVE-2008-5601

User Engine Lite ASP - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5601. PoCs published by AlpHaNiX.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in User Engine ASP Lite. The exploit involves accessing a sensitive file (users.mdb) directly via a URL, which may contain user credentials or other sensitive data.

Description

User Engine Lite ASP stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for users.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by AlpHaNiX · textwebappsphp
https://www.exploit-db.com/exploits/7338

This is a writeup describing an information disclosure vulnerability in User Engine ASP Lite. The exploit involves accessing a sensitive file (users.mdb) directly via a URL, which may contain user credentials or other sensitive data.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: User Engine ASP Lite
No auth needed
Prerequisites: Target must be running User Engine ASP Lite with the users.mdb file accessible via a predictable path.
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32993
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4758
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50439
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7338

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE
CWE-264
Status published
Products (1)
robs-projects/asp_user_engine _nil_ lite
Published Dec 16, 2008
Tracked Since Feb 18, 2026