NASLDB: Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
General
ID: 24266
Name: Drupal Comment Module comment_form_add_preview Function Arbitrary Code Execution
Summary: Tries to execute a command via Drupal
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
The version of Drupal installed on the remote host fails to properly
validate previews on comments and allows access to more than one input
filter, which is not enabled by default. An attacker can leverage this
issue while previewing a comment to have it interpreted as PHP code,
which will result in it being executed on the affected host with the
privileges of the web server user id.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2007-0626
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2007/01/29
Patch Release: –
Plugin Release: 2007/02/01
Plugin
Version: 1.19
Filename: drupal_comment_code_exec2.nasl
Filesize: 5196 bytes
MD5 Hash: 036417af3b2b98c80c6e32d91321acb8
Identification: –
Require Keys: www/drupal", "www/PHP
Dependencies: "drupal_detect.nasl"
Copyright: This script is Copyright© 2007-2011 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack