SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.
CVSS Vector
AV:N/AC:L/Au:N/C:N/I:P/A:NCitrusdb
APPCitrusdb≤ 0.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
Related vulnerabilities
CVE-2005-0408CRITICAL9.8ten sam produkt
CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, wh...
CVE-2005-0411HIGH7.5ten sam produkt
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and loca...
CVE-2005-0409MEDIUM6.4ten sam produkt
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...
CVE-2005-0229MEDIUM5.0ten sam vendor
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote ...