Description
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
References
- https://nvd.nist.gov/vuln/detail/CVE-2007-0626
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31940
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
- http://drupal.org/node/113935
- http://osvdb.org/32136
- http://secunia.com/advisories/23960
- http://secunia.com/advisories/23990
- http://www.securityfocus.com/bid/22306
- http://www.vbdrupal.org/forum/showthread.php?t=786
- http://www.vupen.com/english/advisories/2007/0406
- http://www.vupen.com/english/advisories/2007/0415