CVE-2006-0754
Published Feb 18, 2006
Last updated 3 months ago
Overview
- Description
- dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
- Source
- cve@mitre.org
- NVD status
- Modified
- CNA Tags
- disputed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dotproject:dotproject:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3862952F-9DE1-471A-A895-A1AFCA3C40F5"
},
{
"criteria": "cpe:2.3:a:dotproject:dotproject:2.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22FFB14E-3C84-4AAE-A04D-221DCDE0F47E"
}
],
"operator": "OR"
}
]
}
]