CVE-2009-0571

Ninja Designs Mailist <3.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0571. PoCs published by SirGod.

AI-analyzed exploit summary The document details two vulnerabilities in Mailist 3.0: an insecure backup mechanism allowing prediction of backup filenames and a local file inclusion (LFI) vulnerability in send.php. It includes technical analysis of the vulnerable code and proof-of-concept examples.

Description

admin.php in Ninja Designs Mailist 3.0 stores backup copies of maillist.php under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the backup directory.

Exploits (1)

exploitdb WRITEUP VERIFIED
by SirGod · textwebappsphp
https://www.exploit-db.com/exploits/8001

The document details two vulnerabilities in Mailist 3.0: an insecure backup mechanism allowing prediction of backup filenames and a local file inclusion (LFI) vulnerability in send.php. It includes technical analysis of the vulnerable code and proof-of-concept examples.

Classification
Writeup 90%
Attack Type
Info Leak | Lfi
Complexity
Trivial
Reliability
Reliable
Target: Mailist 3.0
No auth needed
Prerequisites: knowledge of backup creation date for insecure backup exploit · ability to send crafted HTTP requests for LFI
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33682
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8001

Scores

EPSS 0.0233
EPSS Percentile 81.3%

Details

CWE
CWE-264
Status published
Products (1)
ninjadesigns/mailist 3.0
Published Feb 13, 2009
Tracked Since Feb 18, 2026