Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:PCitrusdb
APPCitrusdb≤ 0.3.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
Powiązane podatności
CVE-2005-0408CRITICAL9.8ten sam produkt
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, wh...
CVE-2005-0409MEDIUM6.4ten sam produkt
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...
CVE-2005-0410MEDIUM5.0ten sam produkt
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject d...
CVE-2005-0229MEDIUM5.0ten sam vendor
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote ...