header-logo
Suggest Exploit
vendor:
CitrusDB
by:
SecurityFocus
7.5
CVSS
HIGH
Access Validation
20
CWE
Product Name: CitrusDB
Affected Version From: 2000.3.6
Affected Version To: 2000.3.6
Patch Exists: NO
Related CWE: N/A
CPE: citrusdb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

CitrusDB Access Validation Vulnerability

CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import. Reportedly supplying ',,,,, as the contents of the uploaded csv file will make the SQL query in './citrusdb/tools/importcc.php' fail.

Mitigation:

Ensure that user credentials are properly verified during file upload and import.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12557/info
  
CitrusDB is reportedly affected by an access validation vulnerability during the upload of CSV files. Exploitation of this issue could result in path disclosure or SQL injection. The issue exists because the application fails to verify user credentials during file upload and import.
  
These issues are reported to affect CitrusDB 0.3.6; earlier versions may also be affected.

THe following proof of concept demonstrates the SQL injection vulnerability:
Reportedly supplying ',,,,, as the contents of the uploaded csv file will make the SQL query in './citrusdb/tools/importcc.php' fail.

Navigation

Suggest Exploit

Services By CQR