PT-2006-1805 · Dotproject · Dotproject

Robin Verton · Published 2006-02-18 · Updated 2024-08-07 · CVE-2006-0756

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

dotProject versions 2.0.1 and earlier

Description

The issue allows remote attackers to obtain sensitive configuration information because certain files, specifically phpinfo.php and check.php, remain accessible under the /docs/ directory after installation. The vendor disputes this issue, stating it could only occur if the administrator ignores installation instructions and warnings generated by check.php.

Recommendations

For dotProject versions 2.0.1 and earlier, ensure that phpinfo.php and check.php are not accessible under the /docs/ directory after installation by following the installation instructions carefully and addressing any warnings generated by check.php. As a temporary workaround, consider restricting access to the /docs/ directory to minimize the risk of exploitation.
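
One way to verify the recommendation on a server you administer, as an added example (not part of the advisory or dotProject's own code): the script reports whether the two named files are still present under docs/ of each install root passed to it. The function name, the output format and the assumption that docs/ sits directly under the install root are this example's own.

```sh
#!/bin/sh
# Added example: audit dotProject install roots for the files named in the advisory.
# Assumption: docs/ sits directly under each install root, matching the
# /docs/ URL path in the advisory. Install roots are supplied by the caller.

# Files the advisory names as exposing configuration information.
LEFTOVER_FILES="phpinfo.php check.php"

# audit_dotproject_docs ROOT...
# Prints one "LEFTOVER <path>" line per file still present.
# Returns 0 if every root is clean, 1 if any leftover exists, 2 on a bad root.
audit_dotproject_docs() {
    status=0
    for root in "$@"; do
        if [ ! -d "$root" ]; then
            echo "ERROR not a directory: $root" >&2
            return 2
        fi
        for name in $LEFTOVER_FILES; do
            # -e follows symlinks; -L also catches a dangling link left behind.
            if [ -e "$root/docs/$name" ] || [ -L "$root/docs/$name" ]; then
                echo "LEFTOVER $root/docs/$name"
                status=1
            fi
        done
    done
    return "$status"
}

# Run against the roots given on the command line, for example:
#   sh audit_docs.sh /path/to/dotproject    (placeholder path)
if [ "$#" -gt 0 ]; then
    audit_dotproject_docs "$@"
fi
```

A non-zero exit status makes the check usable in a cron job or deployment pipeline; a clean result only shows the files are gone from disk, not that /docs/ is otherwise restricted.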

Exploit

Fix

Related Identifiers

CVE-2006-0756

Affected Products

Dotproject