Drupal Comment_Form_Add_Preview Function Remote Code Execution Vulnerability

The Drupal application is prone to an arbitrary PHP code-execution vulnerability.

To exploit this issue, an attacker must have access to both the 'post comments' functionality and multiple input filters, which is not the default configuration.

A successful exploit results in arbitrary PHP script code running in the context of the web server process. This issue can facilitate the compromise of vulnerable computers.


 

Copyright 2010, SecurityFocus