CVE-2007-4436
First published: Mon Aug 20 2007(Updated: )
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Drupal Project Issue Tracking Module | <=4.7_1.1 | |
| Drupal Project | <=4.7_2.1 | |
| Drupal Project Issue Tracking Module | <=4.7_2.1 | |
| Drupal Project | <=5.0 | |
| Drupal Project | <=4.7_1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/drupal
- canonical/drupal project issue tracking module
- version/drupal project issue tracking module/4.7_1.1
- canonical/drupal project
- version/drupal project/4.7_2.1
- version/drupal project issue tracking module/4.7_2.1
- version/drupal project/5.0
- version/drupal project/4.7_1.1