CVE-2008-5606

Gazatem QMail Mailing List Manager 1.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5606. PoCs published by Ghost Hacker.

AI-analyzed exploit summary This exploit describes an information disclosure vulnerability in QMail Mailing List Manager 1.2, where the database file (qmail.mdb) can be accessed directly via a predictable path. No actual exploit code is provided, only a URL path to the vulnerable resource.

Description

Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ghost Hacker · textwebappsasp
https://www.exploit-db.com/exploits/7376

This exploit describes an information disclosure vulnerability in QMail Mailing List Manager 1.2, where the database file (qmail.mdb) can be accessed directly via a predictable path. No actual exploit code is provided, only a URL path to the vulnerable resource.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: QMail Mailing List Manager 1.2
No auth needed
Prerequisites: knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4764
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33008
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47152
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7376

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE
CWE-264
Status published
Products (1)
gazatem_technologies/qmail_mailing_list_manager 1.2
Published Dec 16, 2008
Tracked Since Feb 18, 2026