CitrusDB Credit Card Data Remote Information Disclosure Vulnerability

CitrusDB Credit Card Data Remote Information Disclosure Vulnerability

No exploit is required to leverage this issue. To exploit a default configuration, the attacker needs only access:

[path to CitrusDB]/io/newfile.txt

where [path to CitrusDB] is the path relative to the web root.