NVD

Id
57551  
Name
CVE-2007-5486  
Description
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
6.4  
Severity
Medium  
CVSS Base Score
6.4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:N)  
Pub Date
2017-01-07  
Published
2007-10-16  
Modified Date
2008-09-05  
Seq
2007-5486  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
294445 57551 CVE-2007-5486 http://bugs.dotproject.net/view.php?id=1910  View
294446 57551 CVE-2007-5486 http://docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1  View
294447 57551 CVE-2007-5486 26080  View
294448 57551 CVE-2007-5486 dotproject-companies-security-bypass(37202)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
54097 JVNDB-2007-002789 dotProject における Companies モジュールにアクセスされる脆弱性 dotProject は、Companies モジュールを呼び出す際、権限を適切にチェックしないため、このモジュールにアクセスされる脆弱性が存在します。 CVE-2007-5486 28841 CVE-2007-5486 57551 6.4 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002789.html 2007-10-16 2012-06-26 View