| VID |
21837 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The dotProject program is vulnerable to multiple remote file include vulnerabilities which exist in versions prior to 2.0.1. dotProject is an open-source Web project management tool written in PHP. dotProject version 2.0.1 and possibly earlier versions, when register_globals is enabled, could allow a remote attacker to execute arbitrary commands via the baseDir parameter in the includes/db_adodb.php, includes/db_connect.php, includes/session.php, modules/admin/vw_usr_roles.php, modules/public/calendar.php and modules/public/date_format.php scripts, and the dPconfig[root_dir] parameter in the modules/projects/gantt.php, modules/projects/gantt2.php, modules/projects/vw_files.php and modules/tasks/gantt.php scripts. A remote attacker could exploit these vulnerabilities to execute arbitrary PHP code on the affected system.
* References:
http://www.dotproject.net/vbulletin/showthread.php?t=4462
http://www.securityfocus.com/archive/1/424957/30/0/threaded
http://www.securityfocus.com/archive/1/425285/100/0/threaded
http://archives.neohapsis.com/archives/bugtraq/2006-02/0204.html
http://www.frsirt.com/english/advisories/2006/0604
http://secunia.com/advisories/18879
* Platforms Affected:
dotmarketing, Inc., dotProject version 2.0.1 and earlier versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of February 2006.
Upgrade to a version of dotProject (greater than 2.0.1), when new version fixed this problem becomes available from the dotProject Web site at http://www.dotproject.net/
As a workaround, disable PHP's 'register_globals' setting. |
| Related URL |
CVE-2006-0754,CVE-2006-0755 (CVE) |
| Related URL |
16648 (SecurityFocus) |
| Related URL |
24738,24743 (ISS) |
|
