CVE-2008-6147

ForumApp 3.3 - Unauthenticated Sensitive Information Exposure via Direct Database Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6147. PoCs published by Cyber.Zer0.

AI-analyzed exploit summary This exploit describes a remote database disclosure vulnerability in ForumApp V3.3, where the database files are accessible via direct URLs. No active exploit code is provided, only paths to the database files.

Description

ForumApp 3.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/8690.mdb or (2) data/8690BAK.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cyber.Zer0 · textwebappsasp
https://www.exploit-db.com/exploits/7599

This exploit describes a remote database disclosure vulnerability in ForumApp V3.3, where the database files are accessible via direct URLs. No active exploit code is provided, only paths to the database files.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ForumApp V3.3
No auth needed
Prerequisites: knowledge of target URL
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7599
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33344

Scores

EPSS 0.0223
EPSS Percentile 80.6%

Details

CWE
CWE-264
Status published
Products (1)
aspapp/forumapp 3.3
Published Feb 16, 2009
Tracked Since Feb 18, 2026