Lucene search

[email protected]CVE-2005-0409

HistoryFeb 14, 2005 - 5:00 a.m.

CVE-2005-0409

2005-02-1405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

citrusdb

authorization verification

credit card data

remote attack

6.6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.061 Low

EPSS

Percentile

93.4%

JSON

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.

CPENameOperatorVersion
citrusdb:citrusdbcitrusdble0.3.6

CPE	Name	Operator	Version
citrusdb:citrusdb	citrusdb	le	0.3.6

References

lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.html

www.redteam-pentesting.de/advisories/rt-sa-2005-003.txt

6.6 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.061 Low

EPSS

Percentile

93.4%

JSON

Related for CVE-2005-0409

securityvulns1