CVE-2007-0506

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:drupal:project:4.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.6_1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.7_1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.7_2.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:5.0:*:dev:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:4.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:4.7_1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:4.7_2.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:5.0:*:dev:*:*:*:*:*

History

No history.

Information

Published : 2007-01-26 00:28

Updated : 2024-02-04 17:13


NVD link : CVE-2007-0506

Mitre link : CVE-2007-0506

CVE.ORG link : CVE-2007-0506


JSON object : View

Products Affected

drupal

  • project
  • project_issue_tracking_module