CVE-2007-0506

Currently unrated

Key Information:

Vendor: Drupal
Status: Project Issue Tracking Module; Project
Vendor: CVE Published:; 26 January 2007

Summary

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

References

http://secunia.com/advisories/23887

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22224

vdb-entryx_refsource_BID

http://osvdb.org/32135

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jan 26, 2007
Vulnerability Reserved
Jan 25, 2007