CVE-2008-5773

Nukedit 4.9.8 - Unauthenticated Sensitive Information Exposure via Direct Database File Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5773. PoCs published by Cyber.Zer0.

AI-analyzed exploit summary This exploit details a remote database disclosure vulnerability in Nukedit 4.9.8, where the database file (dbsite.mdb) is accessible via a direct URL. No active exploitation code is provided, only a description and example URLs.

Description

Nukedit 4.9.8 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for database/dbsite.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cyber.Zer0 · textwebappsasp
https://www.exploit-db.com/exploits/7491

This exploit details a remote database disclosure vulnerability in Nukedit 4.9.8, where the database file (dbsite.mdb) is accessible via a direct URL. No active exploitation code is provided, only a description and example URLs.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nukedit 4.9.8
No auth needed
Prerequisites: Target running Nukedit 4.9.8 with exposed database directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7491
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4840
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33165

Scores

EPSS 0.0259
EPSS Percentile 83.4%

Details

CWE
CWE-264
Status published
Products (1)
nukedit/nukedit 4.9.8
Published Dec 30, 2008
Tracked Since Feb 18, 2026