CVE Vulnerability

CVE-2007-0506

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://drupal.org/node/112146 Patch Vendor Advisory
http://www.securityfocus.com/bid/22224
http://secunia.com/advisories/23887
http://osvdb.org/32135
http://www.vupen.com/english/advisories/2007/0312
https://exchange.xforce.ibmcloud.com/vulnerabilities/31727
Configurations

Configuration 1

cpe:2.3:a:drupal:project_issue_tracking_module:4.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:5.0:*:dev:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:5.0:*:dev:*:*:*:*:*
cpe:2.3:a:drupal:project:4.7_2.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:4.7_2.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.7_1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.6_1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project_issue_tracking_module:4.7_1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:project:4.7:*:*:*:*:*:*:*
Information

Published : 2007-01-26 12:28

Updated : 2017-07-29 01:30

NVD link : CVE-2007-0506

Mitre link : CVE-2007-0506

Products Affected
No products.
CWE
NVD-CWE-Other