CVE-2006-0755

Published: 18/02/2006 Updated: 14/05/2024
CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9
VMScore: 560
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier versions, when register_globals is enabled, allow remote malicious users to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product.

Vulnerable Product

dotproject dotproject 2.0

dotproject dotproject 2.0.1

Exploits

source: www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute i ...
[ Discovered by dun \ posdub[at]gmail.com ] [ 2012-11-13 ] ...