Description
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Maximillian Dornseif · textremotemultiple
https://www.exploit-db.com/exploits/25072
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://www.citrusdb.org/forums/viewtopic.php?t=49
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013040
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19145
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12402
Exploit, Vendor Advisory x_refsource_misc
http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=110824766519417&w=2
Scores
EPSS
0.0988
EPSS Percentile
93.1%
Details
Status
published
Products (6)
citrusdb/citrusdb_customer_database
0.1.2
citrusdb/citrusdb_customer_database
0.2
citrusdb/citrusdb_customer_database
0.2.1
citrusdb/citrusdb_customer_database
0.3
citrusdb/citrusdb_customer_database
0.3.1
citrusdb/citrusdb_customer_database
0.3.5
Published
Apr 27, 2005
Tracked Since
Feb 18, 2026