Vulnerability Details CVE-2007-0506
The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.1%
CVSS Severity
CVSS v2 Score 6.0
References
- http://drupal.org/node/112146
- http://osvdb.org/32135
- http://secunia.com/advisories/23887
- http://www.securityfocus.com/bid/22224
- http://www.vupen.com/english/advisories/2007/0312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31727
- http://drupal.org/node/112146
- http://osvdb.org/32135
- http://secunia.com/advisories/23887
- http://www.securityfocus.com/bid/22224
- http://www.vupen.com/english/advisories/2007/0312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31727
Products affected by CVE-2007-0506
-
cpe:2.3:a:drupal:project:4.6
-
cpe:2.3:a:drupal:project:4.6_1.1
-
cpe:2.3:a:drupal:project:4.7
-
cpe:2.3:a:drupal:project:4.7_1.1
-
cpe:2.3:a:drupal:project:4.7_2.1
-
cpe:2.3:a:drupal:project:5.0
-
cpe:2.3:a:drupal:project_issue_tracking_module:4.7
-
cpe:2.3:a:drupal:project_issue_tracking_module:4.7_1.1
-
cpe:2.3:a:drupal:project_issue_tracking_module:4.7_2.1
-
cpe:2.3:a:drupal:project_issue_tracking_module:5.0