Dotproject

Dotproject

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-5702

Exploit
  • EPSS 1.14%
  • Veröffentlicht 21.10.2014 14:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3...

6.8

CVE-2012-5701

Exploit
  • EPSS 3.39%
  • Veröffentlicht 20.10.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a department...

5

CVE-2011-3729

Exploit
  • EPSS 0.28%
  • Veröffentlicht 23.09.2011 23:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files.

6.8

CVE-2008-6747

  • EPSS 0.63%
  • Veröffentlicht 23.04.2009 17:30:01
  • Zuletzt bearbeitet 09.04.2025 00:30:58

dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.

4.3

CVE-2008-3886

Exploit
  • EPSS 0.29%
  • Veröffentlicht 02.09.2008 15:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in index.php in dotProject 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the inactive parameter in a tasks action, (2) the date parameter in a calendar day_view action,...

6

CVE-2008-3887

Exploit
  • EPSS 0.37%
  • Veröffentlicht 02.09.2008 15:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrar...

6.4

CVE-2007-5486

  • EPSS 0.38%
  • Veröffentlicht 16.10.2007 23:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.

4.3

CVE-2007-3226

  • EPSS 0.51%
  • Veröffentlicht 14.06.2007 23:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.

7.5

CVE-2006-4234

Exploit
  • EPSS 5.1%
  • Veröffentlicht 18.08.2006 20:04:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.

4.3

CVE-2006-3240

  • EPSS 0.63%
  • Veröffentlicht 27.06.2006 10:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.