Unrated severityNVD Advisory· Published Jan 26, 2007· Updated Apr 23, 2026

CVE-2007-0506

Description

The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.

Affected products

Drupal/Project6 versions
cpe:2.3:a:drupal:project:4.6:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:drupal:project:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project:4.6_1.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project:4.7_1.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project:4.7_2.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project:5.0:*:dev:*:*:*:*:*
Drupal/Project Issue Tracking Module4 versions
cpe:2.3:a:drupal:project_issue_tracking_module:4.7:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:drupal:project_issue_tracking_module:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project_issue_tracking_module:4.7_1.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project_issue_tracking_module:4.7_2.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:project_issue_tracking_module:5.0:*:dev:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

drupal.org/node/112146nvdPatchVendor Advisory
osvdb.org/32135nvd
secunia.com/advisories/23887nvd
www.securityfocus.com/bid/22224nvd
www.vupen.com/english/advisories/2007/0312nvd
exchange.xforce.ibmcloud.com/vulnerabilities/31727nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000