Unrated severityNVD Advisory· Published Feb 18, 2006· Updated Apr 16, 2026

CVE-2006-0754

Description

dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php

Affected products

Dotproject/Dotproject2 versions
cpe:2.3:a:dotproject:dotproject:2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dotproject:dotproject:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dotproject:dotproject:2.0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/16648nvdExploit
secunia.com/advisories/18879nvdVendor Advisory
www.osvdb.org/23206nvd
www.securityfocus.com/archive/1/424957/100/0/threadednvd
www.securityfocus.com/archive/1/425285/100/0/threadednvd
www.vupen.com/english/advisories/2006/0604nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24745nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000