6.5

CVE-2007-0626

EPSS 4.97%
Veröffentlicht 31.01.2007 18:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drupal ≫ Drupal Version > 4.7.0 < 4.7.6

Drupal ≫ Drupal Version >= 5.0 < 5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.97%	0.893

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html

Broken Link

http://drupal.org/node/113935

Patch

Vendor Advisory

http://osvdb.org/32136

Broken Link

http://secunia.com/advisories/23960

Third Party Advisory

http://secunia.com/advisories/23990

Third Party Advisory

http://www.securityfocus.com/bid/22306

Third Party Advisory

VDB Entry

http://www.vbdrupal.org/forum/showthread.php?t=786

Broken Link

http://www.vupen.com/english/advisories/2007/0406

Third Party Advisory

http://www.vupen.com/english/advisories/2007/0415

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31940

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2007-0626

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0626

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0626

EUVD