CVE-2007-0626
Description
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with post comments privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by normal form validation routines.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.969
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update drupal 5.0 to latest version | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234