CVE-2009-2602

R2 Newsletter Lite/Pro/Stats - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2602. PoCs published by TiGeR-Dz.

AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in R2 Newsletter Store by directly accessing the admin.mdb database file, which can leak sensitive administrative data.

Description

R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED
by TiGeR-Dz · text · webapps · asp
https://www.exploit-db.com/exploits/8849


Classification: Working Poc 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: R2 Newsletter Store
No auth needed
Prerequisites: access to the target web server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8849
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35312

Scores

EPSS 0.0223
EPSS Percentile 80.4%

Details

CWE
CWE-264
Status published
Products (3)
r2newsletter/r2_newsletter_lite
r2newsletter/r2_newsletter_pro
r2newsletter/r2_newsletter_stats
Published Jul 27, 2009
Tracked Since Feb 18, 2026