CyberSec.Space Logo
Back to CVE Browser

CVE-2007-0626

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile29.84th
PublishedJan 31, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Affected Platforms (CPE)

πŸ“¦
Drupal

Drupal

> 4.7.0 and < 4.7.6
πŸ“¦
Drupal

Drupal

>= 5.0 and < 5.1

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
πŸ”— http://drupal.org/node/113935
πŸ”— http://osvdb.org/32136
πŸ”— http://secunia.com/advisories/23960
πŸ”— http://secunia.com/advisories/23990
πŸ”— http://www.securityfocus.com/bid/22306
πŸ”— http://www.vbdrupal.org/forum/showthread.php?t=786
πŸ”— http://www.vupen.com/english/advisories/2007/0406

Related Vulnerabilities

CVE-2008-082310.0

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administratio...

CVE-2008-056810.0

Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remot...

CVE-2007-084110.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector r...

CVE-2009-103410.0

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, ...