CVE-2007-0506

Drupal <5.x - Auth Bypass

Title source: llm

Description

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

References (6)

[Patch, Vendor Advisory] http://drupal.org/node/112146

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31727

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22224

[Third Party Advisory, VDB Entry] http://osvdb.org/32135

[Third Party Advisory] http://secunia.com/advisories/23887

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/0312

Scores

EPSS 0.0047

EPSS Percentile 64.2%

Classification

Status draft

Affected Products (10)

drupal/project

drupal/project_issue_tracking_module

Timeline

Published Jan 26, 2007

Tracked Since Feb 18, 2026