CVE-2006-0754 Information

Feb 14, 2021 cve

Description

LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks DISPUTED LICENSE README.md cvefilelist cvelist nvdcve nvdpages.sh scripts test-CVE-2017-1882.markdown test-CVE-2017-18822.markdown tmpvendorlinks dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory which reveal the path in an error message. NOTE: the vendor disputes this issue saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php.

Reference

http://secunia.com/advisories/18879 http://www.osvdb.org/23206 http://www.securityfocus.com/archive/1/424957/100/0/threaded http://www.securityfocus.com/archive/1/425285/100/0/threaded http://www.securityfocus.com/bid/16648 http://www.vupen.com/english/advisories/2006/0604 https://exchange.xforce.ibmcloud.com/vulnerabilities/24745

Share on: