CVE-2009-1941

PAD Site Scripts <3.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1941. PoCs published by TiGeR-Dz.

AI-analyzed exploit summary This exploit leverages an information disclosure vulnerability in PAD Site Scripts v3.6, allowing unauthorized access to database backups by directly accessing the dbbackup.txt file without authentication.

Description

PAD Site Scripts 3.6 stores sensitive information under the web document root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for dbbackup.txt.

Exploits (1)

exploitdb WORKING POC VERIFIED

by TiGeR-Dz · textwebappsphp

https://www.exploit-db.com/exploits/8850

View Code ZIP pw:eip

This exploit leverages an information disclosure vulnerability in PAD Site Scripts v3.6, allowing unauthorized access to database backups by directly accessing the dbbackup.txt file without authentication.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PAD Site Scripts v3.6

No auth needed

Prerequisites: Target must have PAD Site Scripts v3.6 installed · The dbbackup.txt file must be accessible via direct URL

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8850

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/50911

Scores

EPSS 0.0229

EPSS Percentile 80.9%

Details

CWE

CWE-264

Status published

Products (1)

phpeasycode/pad_site_scripts 3.6

Published Jun 05, 2009

Tracked Since Feb 18, 2026