FKIE_CVE-2008-5885

Vulnerability from fkie_nvd - Published: 2009-01-12 20:00 - Updated: 2026-04-23 00:35
Severity
Summary
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb. NOTE: some of these details are obtained from third party information.
References
cve@mitre.orghttp://secunia.com/advisories/33130Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/4898
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/47325
cve@mitre.orghttps://www.exploit-db.com/exploits/7446
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33130Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4898
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47325
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/7446
Impacted products
Vendor Product Version
thenetguys aspired2quote _nil_
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:thenetguys:aspired2quote:_nil_:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA232D1-4D13-4F9B-AE3F-C46F28182EA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "The Net Guys ASPired2Quote almacena informaci\u00f3n sensible por debajo del directorio ra\u00edz web, con un control de acceso insuficiente, lo que permite a atacantes remotos descargar el fichero de la base de datos que contiene nombres de usuarios y claves, a trav\u00e9s de una petici\u00f3n directa a   admin/quote.mdb. NOTA: algunos de estos detalles han sido obtenidos a partir de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2008-5885",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-12T20:00:02.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33130"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4898"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47325"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/7446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/7446"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.