Vulnerabilities > CVE-2007-0505 - Multiple vulnerability in Drupal Project and Project Issues Tracking Modules

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

drupal

NVD

Published: 2007-01-26

Updated: 2017-07-29

Summary

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

Vulnerable Configurations

Part	Description	Count
Application	Drupal Drupal Project 4.6 Drupal Project 4.6_1.1 Drupal Project 4.7 Drupal Project 4.7_1.1 Drupal Project 4.7_2.1 Drupal Project 5.0 Drupal Project Issue Tracking Module 4.7 Drupal Project Issue Tracking Module 4.7_1.1 Drupal Project Issue Tracking Module 4.7_2.1 Drupal Project Issue Tracking Module 5.0	10

References

http://drupal.org/node/112146
http://osvdb.org/32134
http://secunia.com/advisories/23887
http://www.securityfocus.com/bid/22224
http://www.vupen.com/english/advisories/2007/0312
https://exchange.xforce.ibmcloud.com/vulnerabilities/31729