5

CVE-2006-0754

Exploit

EPSS 0.7%
Veröffentlicht 18.02.2006 02:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message.  NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dotproject ≫ Dotproject Version2.0

Dotproject ≫ Dotproject Version2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.697

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/18879

Vendor Advisory

http://www.osvdb.org/23206

http://www.securityfocus.com/archive/1/424957/100/0/threaded

http://www.securityfocus.com/archive/1/425285/100/0/threaded

http://www.securityfocus.com/bid/16648

Exploit

http://www.vupen.com/english/advisories/2006/0604

https://exchange.xforce.ibmcloud.com/vulnerabilities/24745

https://nvd.nist.gov/vuln/detail/CVE-2006-0754

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0754

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0754

EUVD