CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCitrusdb
APPCitrusdb≤ 0.3.6
Related vulnerabilities
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and loca...
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject d...
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote ...