CVE-2007-0505

Published Jan 26, 2007

Last updated 7 years ago

Overview

Description: Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:project:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAD68C3C-298C-41C6-BC6E-D25EBCDAA11D"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project:4.6_1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDC8AB64-19E1-4F38-994F-971E1B6268F4"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project:4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E105AA85-FA71-45D1-A7A2-6C07FFEA452D"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project:4.7_1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE28E558-D90C-49E8-A472-7A37FBB49F4C"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project:4.7_2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBE32A77-7098-4E5B-8B85-E6B8930D1FAC"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project:5.0:*:dev:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6D3BE9B-7223-403A-90F4-39AE94DE7EB2"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_tracking_module:4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E74B2F-1EB1-462D-B970-339C8817C229"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_tracking_module:4.7_1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7813534-EA9B-4A5E-B84E-D0D353EE9719"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_tracking_module:4.7_2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41B5AE16-B0D6-4E65-86BF-82EA5CD6F1B5"
          },
          {
            "criteria": "cpe:2.3:a:drupal:project_issue_tracking_module:5.0:*:dev:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A79A0F8-29F0-4393-8A44-83E804BC38EE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References