CRITICAL🇬🇧 English

CVE-2005-0408

CVSS 9.8v3.1pub. 2005-02-14upd. 2026-04-16

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating the MD5 checksum of the user name combined with the "boogaadeeboo" string, which is hard-coded in the $hidden_hash variable.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Citrusdb

    APP
    Citrusdb
    ≤ 0.3.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2005-0411HIGH7.5ten sam produkt

Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and loca...

CVE-2005-0409MEDIUM6.4ten sam produkt

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...

CVE-2005-0410MEDIUM5.0ten sam produkt

SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject d...

CVE-2005-0229MEDIUM5.0ten sam vendor

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote ...

CVE-2005-0408 — CRITICAL 9.8 | CVEbaza.pl