Info

Disclosure

Feb 14, 2006

Discovery

Jan 24, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /includes/db_connect.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: turn the register_globals PHP option to 'off'.

Products

dotProject.net

dotProject

2.0.1

References

Bugtraq ID: 16648
Secunia Advisory ID: 18879
CVE ID: 2006-0755 (see also: NVD)
Related OSVDB ID: 23206 23210 23212 23213 23214 23215 23216 23217 23218 23219
VUPEN Advisory: ADV-2006-0604
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0204.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0241.html
Vendor URL: http://www.dotproject.net/

Credit

Robin Verton - r.vertongmail.com -

Direct URL: http://osvdb.org/23211