HIGH🇬🇧 English

CVE-2005-0411

CVSS 7.5v2.0pub. 2005-02-14upd. 2026-04-16

Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Citrusdb

    APP
    Citrusdb
    ≤ 0.3.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Path Traversal
CWE
Referencje

Powiązane podatności

CVE-2005-0408CRITICAL9.8ten sam produkt

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, wh...

CVE-2005-0409MEDIUM6.4ten sam produkt

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which ...

CVE-2005-0410MEDIUM5.0ten sam produkt

SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject d...

CVE-2005-0229MEDIUM5.0ten sam vendor

CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote ...

CVE-2005-0411 — HIGH 7.5 | CVEbaza.pl