MEDIUM🇵🇱 Wersja polska

CVE-2005-0410

CVSS 5.0v2.0pub. 2005-02-14upd. 2026-04-16

SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.

CVSS Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
  • Citrusdb

    APP
    Citrusdb
    ≤ 0.3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2005-0408CRITICAL9.8ten sam produkt

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, wh...

CVE-2005-0411HIGH7.5ten sam produkt

Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and loca...

CVE-2005-0409MEDIUM6.4ten sam produkt

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...

CVE-2005-0229MEDIUM5.0ten sam vendor

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote ...