CVE-2009-4585

UranyumSoft Listing Service - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4585. PoCs published by LionTurk.

AI-analyzed exploit summary This is a writeup describing a database disclosure vulnerability in UranyumSoft Ýlan Servisi. It provides the path to the exposed database file and mentions the admin page but does not include functional exploit code.

Description

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by LionTurk · textwebappsasp
https://www.exploit-db.com/exploits/10823

This is a writeup describing a database disclosure vulnerability in UranyumSoft Ýlan Servisi. It provides the path to the exposed database file and mentions the admin page but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: UranyumSoft Ýlan Servisi
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10823
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/61396
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37912
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55220

Scores

EPSS 0.0259
EPSS Percentile 83.3%

Details

CWE
CWE-264
Status published
Products (1)
aspindir/uranyumsoft_listing_service
Published Jan 06, 2010
Tracked Since Feb 18, 2026