CitrusDB <= 0.3.5 - Unauthenticated Credit Card Information Exposure via Temporary File
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.