Published: 27/04/2005 Updated: 11/07/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CitrusDB 0.3.5 and previous versions stores the newfile.txt temporary data file under the web root, which allows remote malicious users to steal credit card information via a direct request to newfile.txt.

Vulnerable Product	Search on Vulmon	Subscribe to Product
citrusdb citrusdb customer database 0.3.5
citrusdb citrusdb customer database 0.3
citrusdb citrusdb customer database 0.3.1
citrusdb citrusdb customer database 0.1.2
citrusdb citrusdb customer database 0.2
citrusdb citrusdb customer database 0.2.1

source: wwwsecurityfocuscom/bid/12402/info A remote information disclosure issue affects CitrusDB This issue is due to a design problem that grants unauthorized users the ability to export sensitive data An attacker may leverage this issue to gain access to sensitive information including credit card data [path to CitrusDB]/io/newfi ...

NVD-CWE-Other http://www.securityfocus.com/bid/12402 http://www.citrusdb.org/forums/viewtopic.php?t=49 http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt http://securitytracker.com/id?1013040 http://marc.info/?l=full-disclosure&m=110824766519417&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19145 https://nvd.nist.gov https://www.exploit-db.com/exploits/25072/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-0229

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect