CVE-2007-0626

This CVE affects Drupal’s comment_form_add_preview() in the comment.module, vulnerable in Drupal versions before 4.7.6 and 5.x before 5.1, and vbDrupal. The root cause is that previewed comments bypass normal form validation, and attackers with the right privileges ("post comments") and access to...

CVE-2007-0626

The commentformaddpreview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...