CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0409

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.035

EPSS Ranking 87.2%

CVSS Severity

CVSS v2 Score 6.4

References

http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html
http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html
http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt

Products affected by CVE-2005-0409

Citrusdb » Citrusdb » Version: N/A

cpe:2.3:a:citrusdb:citrusdb:-
Citrusdb » Citrusdb » Version: 0.3.6

cpe:2.3:a:citrusdb:citrusdb:0.3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0409

Products

Pricing

Contact Us