Vulnerability DatabaseCVE-2007-0626
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-0626
January 31, 2007
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Related Resources (11)
http://www.securityfocus.com/bid/22306
http://drupal.org/node/113935
http://secunia.com/advisories/23960
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-0626
http://osvdb.org/32136
http://www.vbdrupal.org/forum/showthread.php?t=786
http://secunia.com/advisories/23990
http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
http://www.vupen.com/english/advisories/2007/0406
https://exchange.xforce.ibmcloud.com/vulnerabilities/31940
http://www.vupen.com/english/advisories/2007/0415
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
4.97