
CVE-2005-0409

Published: 14/02/2005 Updated: 10/09/2008
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 650
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

CitrusDB 0.3.6 and earlier versions do not verify authorization for (1) importcc.php and (2) uploadcc.php, which allows remote malicious users to upload credit card data and obtain sensitive information such as the pathnames of temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.

Vulnerable Product

citrusdb citrusdb

Exploits

source: www.securityfocus.com/bid/12557/info CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. These issues ...