Drupal Comment_Form_Add_Preview Function Remote Code Execution Vulnerability

Drupal Comment_Form_Add_Preview Function Remote Code Execution Vulnerability

References:

Drupal < 4.7.6 (post comments) Remote Command Execution Exploit (Str0ke)
Drupal < 5.1 (post comments) Remote Command Execution Exploit (Str0ke)
Drupal Security Advisory DRUPAL-SA-2007-005 (Drupal)
Vendor Homepage (Drupal)
[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue (Drupal)

Privacy Statement
Copyright 2010, SecurityFocus