Description
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by RedTeam Pentesting · textwebappsphp
https://www.exploit-db.com/exploits/25104
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.redteam-pentesting.de/advisories/rt-sa-2005-005.txt
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031710.html
Scores
EPSS
0.0336
EPSS Percentile
87.4%
Details
Status
published
Products (1)
citrusdb/citrusdb
< 0.3.6
Published
Feb 14, 2005
Tracked Since
Feb 18, 2026