Published: 31/01/2007 Updated: 19/04/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

The comment_form_add_preview function in comment.module in Drupal prior to 4.7.6, and 5.x prior to 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Vulnerable Product	Search on Vulmon	Subscribe to Product
drupal drupal

Yet another network scanner

Yet Another Network Scanner Try it out Visit disco1sajberse/ to (hopefully) see it in action or download the iso and run it yourself The code This code base grew slowly over time as a side-project for exploring various concepts, methods and algorithms such as process level sandboxing, domain-specific languages, hash tables, netstring based IPC, &c While most

NVD-CWE-noinfo http://drupal.org/node/113935 http://secunia.com/advisories/23960 http://www.vbdrupal.org/forum/showthread.php?t=786 http://www.securityfocus.com/bid/22306 http://secunia.com/advisories/23990 http://osvdb.org/32136 http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html http://www.vupen.com/english/advisories/2007/0406 http://www.vupen.com/english/advisories/2007/0415 https://exchange.xforce.ibmcloud.com/vulnerabilities/31940 https://nvd.nist.gov https://github.com/sebcat/yans

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0626

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect