Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5486

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-5486
Last Modified 05 Sep 2008 05:30:54
Published 16 Oct 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5486

Summary

dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Dotproject 2.0.4


References

SECUNIA - 27191

CONFIRM - http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1

CONFIRM - http://bugs.dotproject.net/view.php?id=1910

XF - dotproject-companies-security-bypass(37202)

BID - 26080


Last Updated: 27 May 2016 10:46:11