CVE-2007-0505

Drupal Project - Unrestricted File Upload

Title source: rule

Description

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

References (6)

[Patch, Vendor Advisory] http://drupal.org/node/112146

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31729

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22224

[Third Party Advisory, VDB Entry] http://osvdb.org/32134

[Third Party Advisory] http://secunia.com/advisories/23887

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0312

Scores

EPSS 0.0263

EPSS Percentile 85.5%

Classification

Status draft

Affected Products (10)

drupal/project

drupal/project_issue_tracking_module

Timeline

Published Jan 26, 2007

Tracked Since Feb 18, 2026