Unrated severityNVD Advisory· Published Jan 31, 2007· Updated Jun 16, 2026
CVE-2007-0626
CVE-2007-0626
Description
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
10- drupal.org/node/113935nvdPatchVendor Advisory
- secunia.com/advisories/23960nvdThird Party Advisory
- secunia.com/advisories/23990nvdThird Party Advisory
- www.securityfocus.com/bid/22306nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2007/0406nvdThird Party Advisory
- www.vupen.com/english/advisories/2007/0415nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/31940nvdThird Party AdvisoryVDB Entry
- archives.neohapsis.com/archives/bugtraq/2007-01/0670.htmlnvdBroken Link
- osvdb.org/32136nvdBroken Link
- www.vbdrupal.org/forum/showthread.phpnvdBroken Link
News mentions
0No linked articles in our index yet.