Lucene search

PRIOn knowledge basePRION:CVE-2007-0626

HistoryJan 31, 2007 - 6:28 p.m.

Input validation

2007-01-3118:28:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.034 Low

EPSS

Percentile

91.2%

JSON

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with “post comments” privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by “normal form validation routines.”

CPENameOperatorVersion
drupalge5.0
drupallt5.1
drupalgt4.7.0
drupallt4.7.6

Name	Operator	Version
drupal	ge	5.0
drupal	lt	5.1
drupal	gt	4.7.0
drupal	lt	4.7.6

References

archives.neohapsis.com/archives/bugtraq/2007-01/0670.html

osvdb.org/32136

secunia.com/advisories/23960

secunia.com/advisories/23990

www.securityfocus.com/bid/22306

www.vbdrupal.org/forum/showthread.php?t=786

www.vupen.com/english/advisories/2007/0406

www.vupen.com/english/advisories/2007/0415

drupal.org/node/113935

exchange.xforce.ibmcloud.com/vulnerabilities/31940

7.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.034 Low

EPSS

Percentile

91.2%

JSON

Related for PRION:CVE-2007-0626