Remote Code Execution in Project Issue Tracking Module for Drupal
CVE-2007-1368

Currently unrated

Key Information:

Vendor: Drupal
Status: Drupal Project Issue Tracking
Vendor: CVE Published:; 9 March 2007

Summary

The Project issue tracking module for Drupal allows remote authenticated users with the 'access project issues' permission to exploit a security bypass. By altering a node identifier in the URL, these users can access the contents of private nodes that should otherwise remain confidential. This vulnerability highlights the importance of proper access controls and validation mechanisms to prevent unauthorized data exposure, underscoring the need for timely updates and security best practices.

References

http://www.securityfocus.com/bid/22867

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2007/0873

vdb-entryx_refsource_VUPEN

http://drupal.org/node/125832

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 9, 2007
Vulnerability Reserved
Mar 9, 2007