Lucene search

[email protected]CVE-2006-0754

HistoryFeb 18, 2006 - 2:02 a.m.

CVE-2006-0754

2006-02-1802:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0754

dotproject

sensitive information disclosure

remote attack

php scripts

security vulnerability

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php

CPENameOperatorVersion
dotproject:dotprojectdotprojecteq2.0
dotproject:dotprojectdotprojecteq2.0.1

CPE	Name	Operator	Version
dotproject:dotproject	dotproject	eq	2.0
dotproject:dotproject	dotproject	eq	2.0.1

References

secunia.com/advisories/18879

www.osvdb.org/23206

www.securityfocus.com/archive/1/424957/100/0/threaded

www.securityfocus.com/archive/1/425285/100/0/threaded

www.securityfocus.com/bid/16648

www.vupen.com/english/advisories/2006/0604

exchange.xforce.ibmcloud.com/vulnerabilities/24745

6.5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2006-0754

prion1 nessus1