AI Score
Confidence
Low
EPSS
Percentile
81.9%
dotProject before 2.1 does not properly check privileges when invoking the Companies module, which allows remote attackers to access this module via a crafted URL. NOTE: some of these details are obtained from third party information.
bugs.dotproject.net/view.php?id=1910
docs.dotproject.net/index.php/Closed_Issues_/_Feature_Requests_-_2.1
secunia.com/advisories/27191
www.securityfocus.com/bid/26080
exchange.xforce.ibmcloud.com/vulnerabilities/37202