VYPR
Unrated severityNVD Advisory· Published Jan 31, 2007· Updated Jun 16, 2026

CVE-2007-0626

CVE-2007-0626

Description

The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Drupal/Drupal2 versions
    cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*range: >4.7.0,<4.7.6
    • (no CPE)range: <4.7.6, <5.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.