dotProject Companies Module Security Bypass Vulnerability
BID:26080
Info
dotProject Companies Module Security Bypass Vulnerability
| Bugtraq ID: | 26080 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-5486 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 15 2007 12:00AM |
| Updated: | May 07 2015 05:34PM |
| Credit: | bogdan_avtr is credited with the discovery of this issue. |
| Vulnerable: |
Dotproject Dotproject 2.0.4 Dotproject Dotproject 2.0.3 Dotproject Dotproject 2.0.1 Dotproject Dotproject 2.0 Dotproject Dotproject 2.1-Rc2 |
| Not Vulnerable: |
Dotproject Dotproject 2.1 |
Discussion
dotProject Companies Module Security Bypass Vulnerability
dotProject is prone to a vulnerability that allows attackers to access a restricted module of the application.
Successful exploits may result in a complete compromise of vulnerable applications.
This issue affects versions prior to dotProject 2.1.
dotProject is prone to a vulnerability that allows attackers to access a restricted module of the application.
Successful exploits may result in a complete compromise of vulnerable applications.
This issue affects versions prior to dotProject 2.1.
Exploit / POC
dotProject Companies Module Security Bypass Vulnerability
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.
Solution / Fix
dotProject Companies Module Security Bypass Vulnerability
Solution:
The vendor released an update to address this issue. Please see the references for more information.
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
dotProject Companies Module Security Bypass Vulnerability
References:
References:
- dotproject Homepage (dotmarketing.org)
- Release Name: dotProject Version 2.1 (dotProject)