CVE-2008-5608

ASP AutoDealer - Unauthenticated Sensitive Information Exposure via Direct Database File Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5608. PoCs published by ZoRLu, AlpHaNiX.

AI-analyzed exploit summary This is a writeup describing a vulnerability in ASPAutoDealer, specifically noting an exposed database file (auto.mdb) at a demo URL. No functional exploit code is provided.

Description

ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.

Exploits (2)

exploitdb WRITEUP VERIFIED
by ZoRLu · textwebappsasp
https://www.exploit-db.com/exploits/7360

This is a writeup describing a vulnerability in ASPAutoDealer, specifically noting an exposed database file (auto.mdb) at a demo URL. No functional exploit code is provided.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: ASPAutoDealer (version unspecified)
No auth needed
Prerequisites: access to the exposed database URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by AlpHaNiX · textwebappsasp
https://www.exploit-db.com/exploits/7356

This is a writeup detailing SQL injection and database disclosure vulnerabilities in Merlix ASP AutoDealer. It provides example URLs for exploitation but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Merlix ASP AutoDealer
No auth needed
Prerequisites: network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7360
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7356
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4754
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47124

Scores

EPSS 0.0285
EPSS Percentile 84.9%

Details

CWE
CWE-264
Status published
Products (1)
aspapps/asp_autodealer _nil_
Published Dec 16, 2008
Tracked Since Feb 18, 2026