Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Remediation

References

CVE-2007-0626

Related Vulnerabilities

Drupal CVE-2017-6930 Vulnerability (CVE-2017-6930)

WordPress Plugin Comment Rating 'path' Parameter Cross-Site Scripting (2.9.20)

WordPress Plugin s2Member Framework 's2_invoice' Parameter Remote Security Bypass (111105)

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)

WordPress Plugin DB Backup Directory Traversal (4.5)

Severity

Medium

Classification

CVE-2007-0626

Tags

Missing Update Known Vulnerabilities