Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2006-0754
Last Modified 07 Mar 2011 09:30:45
Published 17 Feb 2006 09:02:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0754

Summary

** DISPUTED ** dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php.

Vulnerable Systems

Application

  • Dotproject 2.0

  • Dotproject 2.0.1


References

VUPEN - ADV-2006-0604

BID - 16648

BUGTRAQ - 20060214 dotproject <= 2.0.1 remote code execution

BUGTRAQ - 20060215 Re: dotproject <= 2.0.1 remote code execution

OSVDB - 23206

SECUNIA - 18879

XF - dotproject-phpinfo-check-obtain-info(24745)


Last Updated: 27 May 2016 10:41:46