CVE-2008-5885

Net Guys ASPired2Quote - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5885. PoCs published by Pouya_Server.

AI-analyzed exploit summary This entry describes an information disclosure vulnerability in ASPired2Quote, where the database file (quote.mdb) is directly accessible via a predictable path. No exploit code is provided, only a URL path to the vulnerable resource.

Description

The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Pouya_Server · textwebappsasp
https://www.exploit-db.com/exploits/7446

This entry describes an information disclosure vulnerability in ASPired2Quote, where the database file (quote.mdb) is directly accessible via a predictable path. No exploit code is provided, only a URL path to the vulnerable resource.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ASPired2Quote (version unspecified)
No auth needed
Prerequisites: knowledge of the target path
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4898
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33130
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7446
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47325

Scores

EPSS 0.0628
EPSS Percentile 92.7%

Details

CWE
CWE-264
Status published
Products (1)
thenetguys/aspired2quote _nil_
Published Jan 12, 2009
Tracked Since Feb 18, 2026