Aggregates CVE and security vulnerability intelligence across all dotbr-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk input validation and vendor risk path handling, with potential vendor impact unexpected behavior and vendor impact file overwrite across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2003-1405 | DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | [email protected] | 7.5 | 10.48% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1404 | DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | [email protected] | 7.5 | 0.84% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1403 | foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | [email protected] | 7.5 | 0.73% | 2003-12-31 | 2026-04-16 |