Vulnerabilities > CVE-2005-0229 - Remote Information Disclosure vulnerability in CitrusDB Credit Card Data

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
citrusdb
exploit available

Summary

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.

Exploit-Db

descriptionCitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability. CVE-2005-0229. Remote exploits for multiple platform
idEDB-ID:25072
last seen2016-02-03
modified2005-01-31
published2005-01-31
reporterMaximillian Dornseif
sourcehttps://www.exploit-db.com/download/25072/
titleCitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability