Shodan
Vulnerabilities
Vulnerable Software
Dotproject:  >> Dotproject  >> 2.0.2  Security Vulnerabilities
CVE-2012-5702
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.
CVSS Score
4.3
EPSS Score
0.011
Published
2014-10-21
CVE-2012-5701
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
CVSS Score
6.8
EPSS Score
0.034
Published
2014-10-20
CVE-2008-6747
dotProject before 2.1.2 does not properly restrict access to administrative pages, which allows remote attackers to gain privileges. NOTE: some of these details are obtained from third party information.
CVSS Score
6.8
EPSS Score
0.006
Published
2009-04-23
CVE-2007-5486
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
CVSS Score
6.4
EPSS Score
0.004
Published
2007-10-16
CVE-2006-4234
PHP remote file inclusion vulnerability in classes/query.class.php in dotProject 2.0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.
CVSS Score
7.5
EPSS Score
0.051
Published
2006-08-18
CVE-2006-3240
Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
CVSS Score
4.3
EPSS Score
0.008
Published
2006-06-27
CVE-2006-2851
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-06-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved