CVE-2006-0756 - Unspecified vulnerability in Dotproject 2.0/2.0.1
Metric | Value |
---|---|
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
dotproject
nessus
Summary
dotProject 2.0.1 and earlier leaves (1) phpinfo.php and (2) check.php accessible under the /docs/ directory after installation, which allows remote attackers to obtain sensitive configuration information. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | CGI abuses |
NASL id | DOTPROJECT_DOCS_DIR_INFO_DISCLOSURE.NASL |
description | The remote host is running dotProject, a web-based, open source, project management application written in PHP. The installed version of dotProject discloses sensitive information because it lets an unauthenticated attacker call scripts in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20926 |
published | 2006-02-15 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20926 |
title | dotProject docs/ Directory Multiple Script Information Disclosure |
References
- http://www.securityfocus.com/archive/1/425285/100/0/threaded
- http://www.securityfocus.com/bid/16648
- http://www.osvdb.org/23207
- http://www.osvdb.org/23208
- http://secunia.com/advisories/18879
- http://securityreason.com/securityalert/434
- http://www.vupen.com/english/advisories/2006/0604
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24745
- http://www.securityfocus.com/archive/1/424957/100/0/threaded