MEDIUM🇬🇧 English

CVE-2005-0229

CVSS 5.0v2.0pub. 2005-04-27upd. 2026-04-16

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Citrusdb Customer Database

    APP
    Citrusdb
    0.1.20.20.2.10.30.3.10.3.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2005-0408CRITICAL9.8ten sam vendor

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, wh...

CVE-2005-0411HIGH7.5ten sam vendor

Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and loca...

CVE-2005-0409MEDIUM6.4ten sam vendor

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...

CVE-2005-0410MEDIUM5.0ten sam vendor

SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject d...