Description
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Remediation
References
Related Vulnerabilities
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.11)
PHP Other Vulnerability (CVE-2007-4010)
WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)
Oracle JRE CVE-2012-0503 Vulnerability (CVE-2012-0503)
Oracle Database Server CVE-2015-4796 Vulnerability (CVE-2015-4796)