CVE-2007-0505

Properties

Published:
24.01.2007
Updated:
26.01.2007
Patch available:
Severity:
Medium
CVSS vector:
(AV:R/AC:H/Au:R/C:C/I:C/A:C/B:N)
Product:
Drupal: Project
Drupal: Project
Drupal: Project
Drupal: Project
Drupal: Project
Drupal: Project

Vulnerability description

Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.

References:

http://drupal.org/node/112146: http://drupal.org/node/112146
FRSIRT: http://www.frsirt.com/english/advisories/2007/0312