CVE-2008-5931

Net Guys ASPired2Blog - Info Disclosure

Title source: llm

Description

The Net Guys ASPired2Blog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/blog.mdb. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Pouya_Server · textwebappsasp

https://www.exploit-db.com/exploits/7436

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/33134

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47294

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7436

[Third Party Advisory] http://securityreason.com/securityalert/4931

Scores

EPSS 0.0537

EPSS Percentile 89.9%

Classification

CWE

CWE-264

Status draft

Affected Products (1)

the_net_guys/aspired2blog

Timeline

Published Jan 21, 2009

Tracked Since Feb 18, 2026