dotProject is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks. dotProject <= 2.1.6 is vulnerable.

• http://www.exploit-db.com/exploits/22708/

---

Updated on 2015-03-25