CVE-2007-0626 - Unspecified vulnerability in Drupal 5.0

CVSS metrics

Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
Nessus
Plugin 24265

NASL family: CGI abuses
NASL id: DRUPAL_COMMENT_CODE_EXEC.NASL
Title: Drupal Comment Function Arbitrary Code Execution
Description: The version of Drupal running on the remote host fails to properly validate previews on comments, and allows access to more than one input filter, which is not enabled by default. An attacker can exploit this issue by previewing a comment to have it interpreted as PHP code, resulting in arbitrary code execution with the privileges of the web server user id.
Published: 2007-02-01
Modified: 2020-06-02
Last seen: 2020-06-01
Reporter: This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/24265

Plugin 24266

NASL family: CGI abuses
NASL id: DRUPAL_COMMENT_CODE_EXEC2.NASL
Title: Drupal Comment Module comment_form_add_preview() Function Arbitrary Code Execution
Description: The version of Drupal running on the remote host fails to properly validate previews on comments, and allows access to more than one input filter, which is not enabled by default. An attacker can exploit this issue by previewing a comment to have it interpreted as PHP code, resulting in arbitrary code execution with the privileges of the web server user id.
Published: 2007-02-01
Modified: 2020-06-02
Last seen: 2020-06-01
Reporter: This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/24266
References
- http://archives.neohapsis.com/archives/bugtraq/2007-01/0670.html
- http://drupal.org/node/113935
- http://osvdb.org/32136
- http://secunia.com/advisories/23960
- http://secunia.com/advisories/23990
- http://www.securityfocus.com/bid/22306
- http://www.vbdrupal.org/forum/showthread.php?t=786
- http://www.vupen.com/english/advisories/2007/0406
- http://www.vupen.com/english/advisories/2007/0415
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31940