CVE-2007-0626
Published Jan 31, 2007
Last updated 4 years ago
Overview
- Description
- The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97D83466-2B9B-4C7F-BA2E-1CC2441EA143",
"versionEndExcluding": "4.7.6",
"versionStartExcluding": "4.7.0"
},
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4021FFD0-B361-42FE-91AD-61CF859F4718",
"versionEndExcluding": "5.1",
"versionStartIncluding": "5.0"
}
],
"operator": "OR"
}
]
}
]