CVE-2005-0229

CitrusDB <= 0.3.5 - Unauthenticated Credit Card Information Exposure via Temporary File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0229. PoCs published by Maximillian Dornseif.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in CitrusDB, where unauthorized users can access sensitive data by navigating to a specific path. The issue is due to a design flaw rather than a code-level exploit.

Description

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Maximillian Dornseif · textremotemultiple
https://www.exploit-db.com/exploits/25072

This is a writeup describing an information disclosure vulnerability in CitrusDB, where unauthorized users can access sensitive data by navigating to a specific path. The issue is due to a design flaw rather than a code-level exploit.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: CitrusDB (version not specified)
No auth needed
Prerequisites: Knowledge of the web root path to CitrusDB
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Various Sources x_refsource_confirm
http://www.citrusdb.org/forums/viewtopic.php?t=49
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1013040
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19145
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12402
Exploit, Vendor Advisory x_refsource_misc
http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=110824766519417&w=2

Scores

EPSS 0.0765
EPSS Percentile 93.8%

Details

Status published
Products (6)
citrusdb/citrusdb_customer_database 0.1.2
citrusdb/citrusdb_customer_database 0.2
citrusdb/citrusdb_customer_database 0.2.1
citrusdb/citrusdb_customer_database 0.3
citrusdb/citrusdb_customer_database 0.3.1
citrusdb/citrusdb_customer_database 0.3.5
Published Apr 27, 2005
Tracked Since Feb 18, 2026