CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-0626

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0390%
EPSS Percentile29.84th
Published2007年1月31日
Last Modified2026年4月23日

Vulnerability Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Affected Platforms (CPE)

📦
Drupal

Drupal

> 4.7.0 and < 4.7.6
📦
Drupal

Drupal

>= 5.0 and < 5.1

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
🔗 http://drupal.org/node/113935
🔗 http://osvdb.org/32136
🔗 http://secunia.com/advisories/23960
🔗 http://secunia.com/advisories/23990
🔗 http://www.securityfocus.com/bid/22306
🔗 http://www.vbdrupal.org/forum/showthread.php?t=786
🔗 http://www.vupen.com/english/advisories/2007/0406

相关漏洞威胁

CVE-2008-082310.0

Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administratio...

CVE-2008-056810.0

Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remot...

CVE-2007-084110.0

Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector r...

CVE-2009-103410.0

SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, ...