2 matches found
CVE-2006-0754
CVE-2006-0754 affects dotProject 2.0.1 and earlier. The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, revealing the path in an error message. Related connected sources also describe multiple sc...
dotProject Multiple Scripts Remote File Inclusion
The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject fails to sanitize input to various parameters and scripts before using it to include PHP code. Provided PHP's 'registerglobals' setting is enabled, a...