CVE-2007-0506
First published: Fri Jan 26 2007(Updated: )
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Project Issue Tracking Module | =4.7 | |
| Drupal Project | =5.0 | |
| Drupal Project Issue Tracking Module | =5.0 | |
| Drupal Project | =4.7_2.1 | |
| Drupal Project Issue Tracking Module | =4.7_2.1 | |
| Drupal Project | =4.6 | |
| Drupal Project | =4.7_1.1 | |
| Drupal Project | =4.6_1.1 | |
| Drupal Project Issue Tracking Module | =4.7_1.1 | |
| Drupal Project | =4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/drupal
- canonical/drupal project issue tracking module
- version/drupal project issue tracking module/4.7
- canonical/drupal project
- version/drupal project/5.0
- version/drupal project issue tracking module/5.0
- version/drupal project/4.7_2.1
- version/drupal project issue tracking module/4.7_2.1
- version/drupal project/4.6
- version/drupal project/4.7_1.1
- version/drupal project/4.6_1.1
- version/drupal project issue tracking module/4.7_1.1
- version/drupal project/4.7