CVE Vulnerability

CVE-2007-0626

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://drupal.org/node/113935 Patch Vendor Advisory
http://secunia.com/advisories/23960 Third Party Advisory
http://www.vbdrupal.org/forum/showthread.php?t=786 Broken Link
http://www.securityfocus.com/bid/22306 Third Party Advisory VDB Entry
http://secunia.com/advisories/23990 Third Party Advisory
http://osvdb.org/32136 Broken Link
http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html Broken Link
http://www.vupen.com/english/advisories/2007/0406 Third Party Advisory
http://www.vupen.com/english/advisories/2007/0415 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31940 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Information

Published : 2007-01-31 06:28

Updated : 2021-04-19 01:42

NVD link : CVE-2007-0626

Mitre link : CVE-2007-0626

Products Affected
No products.
CWE
NVD-CWE-noinfo