CVE-2008-5980

Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/32929	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47023
https://www.exploit-db.com/exploits/7319
http://secunia.com/advisories/32929	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47023
https://www.exploit-db.com/exploits/7319

Configurations

Configuration 1 (hide)

cpe:2.3:a:ocean12_technologies:mailing_list_manager:_nil_:gold:*:*:*:*:*:*

History

21 Nov 2024, 00:55

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/32929 - Vendor Advisory~~	() http://secunia.com/advisories/32929 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/47023 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/47023 -
References	~~() https://www.exploit-db.com/exploits/7319 -~~	() https://www.exploit-db.com/exploits/7319 -

Information

Published : 2009-01-27 01:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-5980

Mitre link : CVE-2008-5980

CVE.ORG link : CVE-2008-5980

JSON object : View

Products Affected

ocean12_technologies

mailing_list_manager

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-5980", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-01-27T01:30:00.627", "references": [{"url": "http://secunia.com/advisories/32929", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47023", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7319", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32929", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47023", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/7319", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb."}, {"lang": "es", "value": "El gestor de listas de correo Ocean12 Mailing List Manager Gold almacena datos sensibles bajo el directorio ra\u00edz del arbol de directorios de la interfaz web con un control de acceso insuficiente, lo que permite a atacantes remotos descargar una base de datos a trav\u00e9s de una petici\u00f3n directa de o12mail.mdb."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ocean12_technologies:mailing_list_manager:_nil_:gold:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B0AF1A4-DA30-4A6D-81A5-6F8D772CCBE0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}