CitrusDB 0.3.5 and previous versions stores the newfile.txt temporary data file under the web root, which allows remote malicious users to steal credit card information via a direct request to newfile.txt.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citrusdb citrusdb customer database 0.3.5 |
||
citrusdb citrusdb customer database 0.3 |
||
citrusdb citrusdb customer database 0.3.1 |
||
citrusdb citrusdb customer database 0.1.2 |
||
citrusdb citrusdb customer database 0.2 |
||
citrusdb citrusdb customer database 0.2.1 |