Back to search
CVE-2007-4436
Published: Aug 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and Project issue tracking module before 5.x-1.0, 4.7.x-2.4, and 4.7.x-1.4 do not properly enforce permissions, which allows remote attackers to (1) obtain sensitive via the Tracker Module and the Recent posts page; (2) obtain project names via unspecified vectors; (3) obtain sensitive information via the statistics pages; and (4) read CVS project activity.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
25364
vdb-entry
x_refsource_BID
26510
third-party-advisory
x_refsource_SECUNIA
39632
vdb-entry
x_refsource_OSVDB
http://drupal.org/node/168760
x_refsource_CONFIRM
project-title-information-disclosure(36105)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now