Description
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php scripts, which allows remote attackers to upload credit card data and to obtain sensitive information such as the pathnames of the temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by RedTeam Pentesting · text · webapps · php
https://www.exploit-db.com/exploits/25100
exploitdb
WORKING POC
VERIFIED
by RedTeam Pentesting · text · webapps · php
https://www.exploit-db.com/exploits/25099
References (2)
Mailing List (x_refsource_fulldisc)
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html
Exploit, Vendor Advisory (x_refsource_misc)
http://www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt
Scores
EPSS
0.0352
EPSS Percentile
87.7%
Details
Status
published
Products (1)
citrusdb/citrusdb
<= 0.3.6 (the description covers 0.3.6 and earlier)
Published
Feb 14, 2005
Tracked Since
Feb 18, 2026