SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and previous versions allows remote malicious users to inject data via the fields of a CSV file.
source: wwwsecurityfocuscom/bid/12557/info
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files Exploitation of this issue could result in path disclosure or SQL injection The issue exists because the application fails to verify user credentials during file upload and import
These is ...