|
CVE Reference: CVE-2007-4436
|
|
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.
|
|
Original Page at CVE MITRE:
CVE-2007-4436
|
|
Description:
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.
|
|
CVE Status:
Candidate
|
|
References:
XF http://xforce.iss.net/xforce/xfdb/36105
SAID Secunia Advisory: SA26510
OSVDB 39632
CONFIRM http://drupal.org/node/168760
BID 25364
|
|
|
Return to the previous page.
|