CVE-2007-0506
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/01/2007
Last modified:
09/04/2025
Description
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
Impact
Base Score 2.0
6.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:drupal:project:4.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project:4.6_1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project:4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project:4.7_1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project:4.7_2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project:5.0:*:dev:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project_issue_tracking_module:4.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project_issue_tracking_module:4.7_1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project_issue_tracking_module:4.7_2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:drupal:project_issue_tracking_module:5.0:*:dev:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://drupal.org/node/112146
- http://osvdb.org/32135
- http://secunia.com/advisories/23887
- http://www.securityfocus.com/bid/22224
- http://www.vupen.com/english/advisories/2007/0312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31727
- http://drupal.org/node/112146
- http://osvdb.org/32135
- http://secunia.com/advisories/23887
- http://www.securityfocus.com/bid/22224
- http://www.vupen.com/english/advisories/2007/0312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31727