Unrestricted File Upload Vulnerability in Project Issue Tracking for Drupal
CVE-2007-0505

Currently unrated

Key Information:

Vendor: Drupal
Status: Project Issue Tracking Module; Project
Vendor: CVE Published:; 26 January 2007

Summary

The Project issue tracking module for Drupal versions 4.7.0 through 5.x before January 23, 2007, contains an unrestricted file upload vulnerability. This flaw allows remote authenticated users to upload files with executable or multiple extensions, potentially leading to arbitrary code execution on the server. Attackers can leverage this vulnerability to exploit the system by attaching files to project issues, threatening the security and integrity of the affected Drupal installations.

References

http://secunia.com/advisories/23887

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22224

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/31729

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 26, 2007
Vulnerability Reserved
Jan 25, 2007