Lucene search

PRIOn knowledge basePRION:CVE-2006-0754

HistoryFeb 18, 2006 - 2:02 a.m.

Design/Logic Flaw

2006-02-1802:02:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

DISPUTED dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php.

CPENameOperatorVersion
dotprojecteq2.0
dotprojecteq2.0.1

CPE	Name	Operator	Version
	dotproject	eq	2.0
	dotproject	eq	2.0.1

References

secunia.com/advisories/18879

www.osvdb.org/23206

www.securityfocus.com/archive/1/424957/100/0/threaded

www.securityfocus.com/archive/1/425285/100/0/threaded

www.securityfocus.com/bid/16648

www.vupen.com/english/advisories/2006/0604

exchange.xforce.ibmcloud.com/vulnerabilities/24745

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for PRION:CVE-2006-0754