Drupal Comment Module comment_form_add_preview() Function Arbitrary Code Execution

medium Nessus Plugin ID 24266

Synopsis

The remote web server contains a PHP application that is affected by a remote code execution vulnerability.

Description

The version of Drupal running on the remote host fails to properly validate comment previews. On a site that allows access to more than one input filter (a configuration that is not enabled by default), an attacker can exploit this issue by previewing a comment so that it is interpreted as PHP code, resulting in arbitrary code execution with the privileges of the web server user ID.

Solution

Upgrade to Drupal version 4.7.6 / 5.1 or later.

See Also

https://www.drupal.org/node/113935

Plugin Details

Severity: Medium

ID: 24266

File Name: drupal_comment_code_exec2.nasl

Version: 1.32

Type: remote

Family: CGI abuses

Published: 2/1/2007

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2007-0626

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: www/PHP, installed_sw/Drupal

Exploit Ease: No known exploits are available

Exploited by Nessus: true

Patch Publication Date: 1/29/2007

Vulnerability Publication Date: 1/29/2007

Reference Information

CVE: CVE-2007-0626

BID: 22306

CWE: 20