ID CVE-2007-0626
Summary The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
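Added illustration (not Drupal's code, and not the original page's): the summary describes a preview path that renders user-supplied values without running the validation the normal submit path runs, so the user-selected input format is never checked against the formats the user may use. The sketch below, with invented function and constant names and a constructed request, shows that bug class beside the hardened form in which preview and submit share one validation step. The "PHP code" format is only marked in the output, never evaluated.

```php
<?php
// Hypothetical illustration of the bug class described in CVE-2007-0626.
// This is NOT Drupal's comment.module; all names here are invented.

// Constructed input formats: format 2 stands in for a code-executing filter
// that only administrators are meant to reach.
const FORMAT_FILTERED_HTML = 1;
const FORMAT_PHP_CODE      = 2;

// Which formats a user may select (assumed role model for the example).
function allowed_formats(array $user): array {
    return in_array('administrator', $user['roles'], true)
        ? [FORMAT_FILTERED_HTML, FORMAT_PHP_CODE]
        : [FORMAT_FILTERED_HTML];
}

// Render text through the chosen format. The code-executing filter is
// represented by a marker string; nothing is eval()'d in this example.
function render_with_format(string $text, int $format): string {
    if ($format === FORMAT_PHP_CODE) {
        return '[would be handed to the code-executing filter] ' . $text;
    }
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Validation the normal submit path runs: the submitted format id must be
// one the current user is allowed to use.
function validate_comment(array $user, array $values): array {
    $errors = [];
    if (!in_array((int) $values['format'], allowed_formats($user), true)) {
        $errors[] = 'format: not permitted for this user';
    }
    return $errors;
}

// Vulnerable pattern: preview renders the raw submitted values and never
// calls validate_comment(), so the format id in the request is trusted.
function preview_vulnerable(array $user, array $values): string {
    return render_with_format($values['comment'], (int) $values['format']);
}

// Hardened pattern: preview runs the same validation as submit before
// rendering anything.
function preview_hardened(array $user, array $values): string {
    $errors = validate_comment($user, $values);
    if ($errors) {
        return 'Preview refused: ' . implode('; ', $errors);
    }
    return render_with_format($values['comment'], (int) $values['format']);
}

// Constructed request: a non-admin commenter posts a preview whose hidden
// 'format' field was changed to the restricted format id.
$user   = ['name' => 'alice', 'roles' => ['authenticated']];
$values = ['comment' => 'hello <b>world</b>', 'format' => FORMAT_PHP_CODE];

echo preview_vulnerable($user, $values), "\n"; // format accepted unchecked
echo preview_hardened($user, $values), "\n";   // "Preview refused: format: not permitted for this user"
```

The check a practitioner wants from this: every code path that renders or stores user input, preview included, must pass through the same format-access validation as the final submit, and the format id must be validated server-side against the user's permissions rather than trusted from the request.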
References
Vulnerable Configurations
  • cpe:2.3:a:drupal:drupal:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:4.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:dev:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:drupal:drupal:5.0:rc2:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 19-04-2021 - 13:42)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector           Complexity   Authentication
  NETWORK          LOW          SINGLE
Impact
  Confidentiality  Integrity    Availability
  PARTIAL          PARTIAL      PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 22306
bugtraq 20070129 [DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue
confirm
osvdb 32136
secunia
  • 23960
  • 23990
vupen
  • ADV-2007-0406
  • ADV-2007-0415
xf drupal-commentformaddpreview-code-execution(31940)
Last major update 19-04-2021 - 13:42
Published 31-01-2007 - 18:28
Last modified 19-04-2021 - 13:42