DotProject Privilege Escalation Vulnerability Network Vulnerability

Summary

The host is installed with dotProject and is prone to Privilege Escalation vulnerability.

Impact

Attackers can exploit this issue via specially crafted HTTP request to certain administrative pages to gain administrative privileges on the affected system. Impact Level: Application

Solution

Upgrade to version 2.1.2 http://www.dotproject.net

Insight

The flaw is due to improper restrictions on access to certain administrative pages.

Affected

dotProject version prior to 2.1.2

References

http://en.securitylab.ru/nvd/378282.php
http://xforce.iss.net/xforce/xfdb/43019

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6747

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Shiva LanRover Blank Password
Ziproxy Security Bypass Vulnerability
AirConnect Default Password
Microsoft Windows Kernel win32k.sys Privilege Escalation Vulnerability
3Com Superstack 3 switch with default password

dotProject Privilege Escalation Vulnerability

Take action and discover your vulnerabilities