CitrusDB Arbitrary Local PHP File Include Vulnerability
BID:12564
Info
| Bugtraq ID: | 12564 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0411 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 15 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | Discovery of this vulnerability is credited to RedTeam. |
| Vulnerable: | CitrusDB Customer Database 0.3.6 |
| Not Vulnerable: | |
Discussion
CitrusDB is reportedly affected by a vulnerability that permits the inclusion of any local PHP file. This issue is due to the application failing to properly sanitize user-supplied input.
This issue is reported to affect CitrusDB 0.3.6; earlier versions may also be affected.
This issue may also allow remote file includes, although this has not been confirmed.
Exploit / POC
No exploit is required.
The following proof of concept is available:
http://www.example.com/citrusdb/tools/index.php?load=../../../../../../tmp/exploit.php
(exploit.php would be a malicious PHP script on the same computer)
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
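The defect class described above, a request parameter used directly as the file name of an include, is normally removed by never letting the request supply a path at all. The following is an added example and is not CitrusDB's own code nor a vendor patch: it assumes a tools/index.php handler that maps a `load` parameter to one of a fixed set of pages; the page names, the `pages/` directory, the `TOOL_PAGES` constant and the `resolveToolPage` function are all assumptions for illustration.

```php
<?php
// Added example (not CitrusDB's code): hardened replacement for the
// "?load=<file>" include pattern. All names and paths are assumptions.

declare(strict_types=1);

// Weak pattern this replaces: include($_GET['load']);
// The request value reaches the filesystem unchanged, so "../" sequences
// select files outside the intended directory.

// Allowlist: only these values of ?load= are ever mapped to a file. The
// request chooses a key, never a path, so traversal sequences cannot match.
const TOOL_PAGES = [
    'summary' => 'summary.php',
    'export'  => 'export.php',
    'import'  => 'import.php',
];

/**
 * Resolve the requested tool page to an absolute path inside $baseDir,
 * or return null if the request is not allowed. Two independent defences:
 *  1. the allowlist rejects any value that is not a known page name;
 *  2. realpath() containment guards against a mistake in the allowlist
 *     (a symlink, or a future entry that contains a path separator).
 */
function resolveToolPage(string $baseDir, ?string $load): ?string
{
    if ($load === null || !array_key_exists($load, TOOL_PAGES)) {
        return null;
    }

    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . TOOL_PAGES[$load]);
    if ($base === false || $target === false) {
        return null; // directory or page does not exist
    }

    // The resolved target must sit strictly below the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Request handling: unknown or out-of-tree values are refused and logged,
// which also gives operators a signal for traversal attempts in the logs.
$requested = $_GET['load'] ?? null;
$page = resolveToolPage(__DIR__ . '/pages', $requested);
if ($page === null) {
    http_response_code(404);
    error_log('tools/index.php: rejected load=' . var_export($requested, true));
    exit('Unknown page.');
}
require $page;
```

The allowlist alone closes the issue; the realpath() check is kept so that a later edit to the map (or a symlink under pages/) cannot silently reintroduce an include of arbitrary local files.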
References
References:
- CitrusDB Customer Database Home Page (CitrusDB)
- Directory traversal in CitrusDB (RedTeam)