Unrated severityNVD Advisory· Published Feb 14, 2005· Updated Apr 16, 2026

CVE-2005-0409

Description

CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.

Affected products

Citrusdb/Citrusdb
cpe:2.3:a:citrusdb:citrusdb:*:*:*:*:*:*:*:*
Range: <=0.3.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redteam-pentesting.de/advisories/rt-sa-2005-003.txtnvdExploitVendor Advisory
lists.grok.org.uk/pipermail/full-disclosure/2005-February/031707.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000