CVE-2007-5597

Severity

43%

Complexity

86%

Confidentiality

48%

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 17 years ago

2007-10-19 23:17:00

Last updated 6 years ago

2018-10-26 14:14:00

Affected Software

Drupal

References

http://drupal.org/node/184354

Vendor Advisory

27292

Third Party Advisory

27352

Third Party Advisory

26119

Third Party Advisory, VDB Entry

ADV-2007-3546

Third Party Advisory

drupal-api-information-disclosure(37296)

Third Party Advisory, VDB Entry

FEDORA-2007-2649

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.