CVE-2007-0626
N/A
N/A
Summary
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vbdrupal.org/forum/showthread.php?t=786
- http://www.securityfocus.com/bid/22306
- http://secunia.com/advisories/23960
- http://www.vupen.com/english/advisories/2007/0406
- http://osvdb.org/32136
- http://www.vupen.com/english/advisories/2007/0415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31940
- http://drupal.org/node/113935
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
- http://secunia.com/advisories/23990
References
- http://www.vbdrupal.org/forum/showthread.php?t=786
- http://www.securityfocus.com/bid/22306
- http://secunia.com/advisories/23960
- http://www.vupen.com/english/advisories/2007/0406
- http://osvdb.org/32136
- http://www.vupen.com/english/advisories/2007/0415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31940
- http://drupal.org/node/113935
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
- http://secunia.com/advisories/23990
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.