CVE-2006-0754

Published: Feb 18, 2006Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php

Affected (2)

Products: Dotproject: Dotproject

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dotproject Dotproject	Version 2.0.1
Dotproject Dotproject	Version 2.0

References (14)

http://secunia.com/advisories/18879

Source: cve@mitre.org

Vendor Advisory

http://www.osvdb.org/23206

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/424957/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/425285/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/16648

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/0604

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24745

Source: cve@mitre.org

http://secunia.com/advisories/18879

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.osvdb.org/23206

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/424957/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/425285/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/16648

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2006/0604

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/24745

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.