PT-2006-1803 · Dotproject · Dotproject

Published: 2006-02-18 · Updated: 2024-08-07 · CVE-2006-0754

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

dotProject versions 2.0.1 and earlier

Description

The issue allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. The vendor disputes this issue, stating it could only occur if the administrator ignores the installation instructions and warnings generated by check.php.

Recommendations

For dotProject versions 2.0.1 and earlier, ensure that the administrator follows the installation instructions and heeds warnings generated by check.php to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-0754

Affected Products

Dotproject