Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0626

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Published

2007-01-31T18:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	drupal	drupal	< 4.7.6	Yes
Application	drupal	drupal	< 5.1	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html Broken Link ([email protected])
http://drupal.org/node/113935 Patch, Vendor Advisory ([email protected])
http://osvdb.org/32136 Broken Link ([email protected])
http://secunia.com/advisories/23960 Third Party Advisory ([email protected])
http://secunia.com/advisories/23990 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/22306 Third Party Advisory, VDB Entry ([email protected])
http://www.vbdrupal.org/forum/showthread.php?t=786 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2007/0406 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/0415 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/31940 Third Party Advisory, VDB Entry ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://drupal.org/node/113935 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/32136 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23960 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23990 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22306 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vbdrupal.org/forum/showthread.php?t=786 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0406 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0415 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31940 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)