Description
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Remediation
References
Related Vulnerabilities
PHP Data Processing Errors Vulnerability (CVE-2015-4026)
WordPress Plugin WP FullCalendar Security Bypass (1.4.1)
WordPress Plugin WordPress Related Posts Cross-Site Request Forgery (2.6.1)
Jboss EAP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-14721)
silverstripeCMS Credentials Management Errors Vulnerability (CVE-2010-5092)