RSS   Podatności dla 'Vbdrupal'   RSS

2007-02-07
 
CVE-2007-0841

 

 
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.

 
2007-01-31
 
CVE-2007-0626

CWE-20
 

 
The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines."

 


Copyright 2024, cxsecurity.com

 

Back to Top