PT-2006-1804 · Dotproject · Dotproject

Published: 2006-02-18 · Updated: 2025-01-16 · CVE-2006-0755

CVSS v3.1: 5.6 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: dotProject versions 2.0.1 and earlier

Description: The issue allows remote attackers to execute arbitrary commands via the baseDir parameter in several PHP files, including db_adodb.php, db_connect.php, session.php, vw_usr_roles.php, calendar.php, date_format.php, and tasks/gantt.php, and via the dPconfig[root_dir] parameter in projects/gantt.php, gantt2.php, and vw_files.php, when register_globals is enabled. The vendor disputes this issue, stating that the product documentation clearly recommends disabling register_globals and that the check.php script warns against this setting.

Recommendations: For dotProject versions 2.0.1 and earlier, disable the register_globals setting to mitigate the risk of exploitation. As a temporary workaround, restrict access to the vulnerable parameters baseDir and dPconfig[root_dir] in the affected PHP files until a fix is available.
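The following PHP is an added illustration and is not code from this advisory or from dotProject. It shows, in a hypothetical include file, why a path variable that the file never initializes itself becomes request-controlled once register_globals is on, and it implements the two measures the advisory describes: failing closed while register_globals is enabled (the behaviour attributed to check.php) and, as the interim workaround, rejecting any request that supplies the baseDir or dPconfig parameters. The file name includes/hypothetical_lib.php and the function names are assumptions made for this example.

```php
<?php
// Added example, not dotProject's own code. Demonstrates the defensive side of
// the advisory: derive include paths locally, refuse to run under
// register_globals, and block the override parameters as a stop-gap.

// --- Pattern to avoid (hypothetical, modelled on the advisory's description) ---
// With register_globals=On, a request that carries a baseDir parameter has
// already populated $baseDir before this line executes, so the client, not the
// application, chooses where the include comes from:
//   require_once $baseDir . '/includes/hypothetical_lib.php';

// --- Hardened equivalent -------------------------------------------------------
// 1. Never rely on a variable that may have been injected into scope. Derive the
//    path from this file's own location and overwrite both override targets
//    named in the advisory so any request-supplied value is discarded.
$baseDir  = dirname(__FILE__);
$dPconfig = array('root_dir' => $baseDir);

// 2. Fail closed while the dangerous ini setting is active. ini_get() returns the
//    raw php.ini string, so accept the common boolean spellings. Written without
//    filter_var() so it also runs on the PHP 4 builds dotProject 2.0.x supported.
function registerGlobalsEnabled()
{
    $value = strtolower(trim((string) ini_get('register_globals')));
    return in_array($value, array('1', 'on', 'true', 'yes'), true);
}

if (registerGlobalsEnabled()) {
    header('HTTP/1.1 503 Service Unavailable');
    exit('register_globals must be disabled in php.ini before this application can run.');
}

// 3. Interim workaround from the advisory for hosts that cannot change php.ini
//    immediately: reject any request that tries to supply the override
//    parameters at all. Include this check before anything else in every entry
//    point. Returns the offending parameter name, or false when none is present.
function requestSuppliesOverride(array $request, array $blocked = array('baseDir', 'dPconfig'))
{
    foreach ($blocked as $name) {
        if (array_key_exists($name, $request)) {
            return $name;
        }
    }
    return false;
}

// GET, POST and cookies are merged explicitly rather than via $_REQUEST, whose
// contents depend on the request_order / variables_order ini settings.
$overridden = requestSuppliesOverride(array_merge($_GET, $_POST, $_COOKIE));
if ($overridden !== false) {
    header('HTTP/1.1 400 Bad Request');
    exit('Parameter ' . htmlspecialchars($overridden) . ' is not accepted.');
}

// From here on, includes use the locally derived path only, e.g.
//   require_once $baseDir . '/includes/hypothetical_lib.php';
```

The parameter block in step 3 is deliberately coarse: it treats any appearance of baseDir or dPconfig in a request as hostile, which is acceptable for a temporary measure because no legitimate dotProject request needs to send either name. The lasting fix is step 1 combined with running PHP with register_globals off, which is what the vendor's documentation already requires.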

Exploit

Fix

Related Identifiers

CVE-2006-0755

Affected Products

Dotproject