Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
CitrusDB 0.3.6 and earlier does not verify authorization for (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames of temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CitrusDB CSV File Upload Access Validation Vulnerability
Vulnerability Description
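CitrusDB is a web-based customer relationship maintenance and billing management solution. CitrusDB 0.3.6 and earlier does not verify authorization for (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information (such as the pathnames of temporary files that store credit card data), and to further exploit other vulnerabilities.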
CVSS Information
N/A
Vulnerability Type
N/A