Lucene search
Ubuntu.comUB:CVE-2007-0626HistoryJan 31, 2007 - 12:00 a.m.
CVE-2007-0626
2007-01-3100:00:00
ubuntu.com
ubuntu.com
11
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.034
Percentile
91.5%
The comment_form_add_preview function in comment.module in Drupal before
4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with “post
comments” privileges and access to multiple input filters to execute
arbitrary code by previewing comments, which are not processed by “normal
form validation routines.”
Related
nvd
nvd
CVE-2007-0626
2007-01-31 18:28:00
CVE-2007-0841
2007-02-08 02:28:00
cvelist
cvelist
CVE-2007-0626
2007-01-31 18:00:00
CVE-2007-0841
2007-02-08 02:00:00
prion
prion
Input validation
2007-01-31 18:28:00
Design/Logic Flaw
2007-02-08 02:28:00
cve
cve
CVE-2007-0626
2007-01-31 18:28:00
CVE-2007-0841
2007-02-08 02:28:00
nessus
nessus
Drupal Comment Module comment_form_add_preview() Function Arbitrary Code Execution
2007-02-01 00:00:00
Drupal Comment Function Arbitrary Code Execution
2007-02-01 00:00:00
securityvulns
securityvulns
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.034
Percentile
91.5%
Related for UB:CVE-2007-0626