Dotbr: Security Vulnerabilities
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
CVSS Score
7.5
EPSS Score
0.006
Published
2003-12-31
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
CVSS Score
7.5
EPSS Score
0.005
Published
2003-12-31
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
CVSS Score
7.5
EPSS Score
0.049
Published
2003-12-31