Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.
References
Link | Resource |
---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031710.html | |
http://www.redteam-pentesting.de/advisories/rt-sa-2005-005.txt | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2005-02-16T05:00:00
Updated: 2005-06-04T09:00:00
Reserved: 2005-02-14T00:00:00
Link: CVE-2005-0411
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-02-14T05:00:00.000
Modified: 2008-09-10T19:35:31.353
Link: CVE-2005-0411
JSON object: View
Redhat Information
No data.
CWE