CVE-2009-4799

Diskos CMS 6.x - Unauthenticated Sensitive Information Exposure via Direct Database File Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4799. PoCs published by AnGeL25dZ.

AI-analyzed exploit summary This is a vulnerability writeup for Diskos CMS Manager, detailing SQL injection, admin bypass, and database disclosure vulnerabilities. It provides exploit URLs and credentials for bypassing authentication but does not include executable exploit code.

Description

Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by AnGeL25dZ · textwebappsasp
https://www.exploit-db.com/exploits/8307

This is a vulnerability writeup for Diskos CMS Manager, detailing SQL injection, admin bypass, and database disclosure vulnerabilities. It provides exploit URLs and credentials for bypassing authentication but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Diskos CMS Manager
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8307
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49511
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34540

Scores

EPSS 0.0259
EPSS Percentile 83.3%

Details

CWE
CWE-264
Status published
Products (1)
diskos/diskos_cms 6
Published Apr 22, 2010
Tracked Since Feb 18, 2026