The project_issue_access function in the Project issue tracking 4.7.0 up to and including 5.x prior to 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
drupal project 4.6 |
||
drupal project 4.6_1.1 |
||
drupal project 4.7 |
||
drupal project issue tracking module 5.0 |
||
drupal project issue tracking module 4.7_1.1 |
||
drupal project issue tracking module 4.7_2.1 |
||
drupal project 4.7_1.1 |
||
drupal project 4.7_2.1 |
||
drupal project 5.0 |
||
drupal project issue tracking module 4.7 |