6.5

CVE-2007-0626

EPSS 4.97%
Published 31.01.2007 18:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Drupal ≫ Drupal Version > 4.7.0 < 4.7.6

Drupal ≫ Drupal Version >= 5.0 < 5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.97%	0.893

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html

Broken Link

http://drupal.org/node/113935

Patch

Vendor Advisory

http://osvdb.org/32136

Broken Link

http://secunia.com/advisories/23960

Third Party Advisory

http://secunia.com/advisories/23990

Third Party Advisory

http://www.securityfocus.com/bid/22306

Third Party Advisory

VDB Entry

http://www.vbdrupal.org/forum/showthread.php?t=786

Broken Link

http://www.vupen.com/english/advisories/2007/0406

Third Party Advisory

http://www.vupen.com/english/advisories/2007/0415

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31940

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2007-0626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0626

EUVD