CVE-2005-0409 - Unspecified vulnerability in Citrusdb 0.3.6
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
citrusdb
exploit available
Summary
CitrusDB 0.3.6 and earlier does not verify authorization for (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description: CitrusDB 0.3.6 uploadcc.php Arbitrary Database Injection. CVE-2005-0409. Webapps exploit for php platform
id: EDB-ID:25100
last seen: 2016-02-03
modified: 2005-02-15
published: 2005-02-15
reporter: RedTeam Pentesting
source: https://www.exploit-db.com/download/25100/
title: CitrusDB 0.3.6 uploadcc.php Arbitrary Database Injection

description: CitrusDB 0.3.6 importcc.php Arbitrary Database Injection. CVE-2005-0409. Webapps exploit for php platform
id: EDB-ID:25099
last seen: 2016-02-03
modified: 2005-02-15
published: 2005-02-15
reporter: RedTeam Pentesting
source: https://www.exploit-db.com/download/25099/
title: CitrusDB 0.3.6 importcc.php Arbitrary Database Injection