Remote Code Execution in Project Issue Tracking Module for Drupal
CVE-2007-1368

Currently unrated

Key Information:

Vendor

Drupal
Status
Drupal Project Issue Tracking
Vendor
CVE Published:
9 March 2007

What is CVE-2007-1368?

The Project issue tracking module for Drupal allows remote authenticated users with the 'access project issues' permission to exploit a security bypass. By altering a node identifier in the URL, these users can access the contents of private nodes that should otherwise remain confidential. This vulnerability highlights the importance of proper access controls and validation mechanisms to prevent unauthorized data exposure, underscoring the need for timely updates and security best practices.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/22867
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2007/0873
vdb-entryx_refsource_VUPEN
http://drupal.org/node/125832
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.