Vendor: CitrusDB
By: SecurityFocus
CVSS: 7.5 (HIGH)
Title: Local File Include and SQL Injection
CWE: 94, 89
Product Name: CitrusDB
Affected Version From: 2.4.1
Affected Version To: 2.4.1
Patch Exists: YES
Related CWE: N/A
CPE: citrusdb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

CitrusDB Local File Include and SQL Injection Vulnerabilities

CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.

Mitigation:

Ensure that input is properly sanitized and validated before being used in database queries.
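The advisory's proof-of-concept passes a traversal sequence with a trailing null byte through the `load` parameter of `index.php`, and the mitigation above covers the SQL side in one sentence. The following PHP is an added illustration written for this page, not CitrusDB's own code: it shows the two controls a maintainer would apply to a loader of this shape. The `load`/`type` parameters come from the advisory; the module names, directory layout, `customer` table and `id` column are assumptions made for the example.

```php
<?php
// Added example (not CitrusDB code): hardened page loading and data access
// for a front controller like index.php?load=...&type=...
declare(strict_types=1);

// Allowlist: only these keys are accepted from the client, and each maps to a
// fixed file name. Traversal sequences, "%00" and absolute paths can never
// match a key, so they never reach include(). Module names are assumed.
const PAGE_MODULES = [
    'base'     => 'base.php',
    'customer' => 'customer.php',
    'billing'  => 'billing.php',
];

/**
 * Resolve the "load" parameter to a file under $moduleDir, or null if the
 * value is not on the allowlist or resolves outside the directory.
 */
function resolveModule(string $moduleDir, ?string $load): ?string
{
    if ($load === null || !array_key_exists($load, PAGE_MODULES)) {
        return null;
    }
    $base = realpath($moduleDir);
    $path = realpath($moduleDir . DIRECTORY_SEPARATOR . PAGE_MODULES[$load]);
    // Second check: the resolved file must still sit below the module directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

/**
 * Look up a customer with a prepared statement, so the id is bound as data
 * rather than spliced into the SQL text. Table and column names are assumed.
 */
function findCustomer(PDO $db, string $id): ?array
{
    if (!ctype_digit($id)) {
        return null;           // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT id, name FROM customer WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request handling: a rejected value is logged (useful for detection of
// traversal attempts) and answered with 400 instead of an include.
$module = resolveModule(__DIR__ . '/modules', $_GET['load'] ?? null);
if ($module === null) {
    error_log('rejected load parameter: ' . ($_GET['load'] ?? '(none)'));
    http_response_code(400);
    exit('unknown page');
}
require $module;
```

The allowlist is the control that matters: validating the string for `../` or null bytes is fragile, whereas mapping a small set of known keys to fixed file names removes the file path from client control entirely. The `realpath` comparison is a defence in depth against a mis-edited allowlist, and the `error_log` call gives operators a line to alert on when the rejected value contains traversal sequences like the one in the advisory's request.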

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/52946/info

CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability.

An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and execute arbitrary local files within the context of the webserver.

CitrusDB 2.4.1 is vulnerable; other versions may also be affected.

http://www.example.com/lab/citrus-2.4.1/index.php?load=../../../../../etc/passwd%00&type=base