Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Remediation

References

CVE-2007-0626

Related Vulnerabilities

Oracle Database Server CVE-2023-22073 Vulnerability (CVE-2023-22073)

WordPress Plugin AgentEasy Properties Cross-Site Scripting (1.0.4)

WordPress Plugin Ajax Search Lite Security Bypass (3.1)

WordPress Plugin Images Lazyload and Slideshow Cross-Site Scripting (3.2)

WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (1.3.4)

Severity

Medium

Classification

CVE-2007-0626

Tags

Missing Update Known Vulnerabilities