Vulnerability Description
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
CVSS Score
6.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Project | 4.6 |
| Drupal | Project Issue Tracking Module | 4.7 |
References
- http://drupal.org/node/112146 (Patch, Vendor Advisory)
- http://osvdb.org/32135
- http://secunia.com/advisories/23887
- http://www.securityfocus.com/bid/22224
- http://www.vupen.com/english/advisories/2007/0312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31727
FAQ
What is CVE-2007-0506?
CVE-2007-0506 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain ...
How severe is CVE-2007-0506?
CVE-2007-0506 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0506?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Project, Drupal Project Issue Tracking Module.