Lucene search

[email protected]CVE-2007-3544

HistoryJul 03, 2007 - 8:30 p.m.

CVE-2007-3544

2007-07-0320:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3544

unrestricted file upload

vulnerability

wordpress

wordpress mu

remote authenticated users

arbitrary php code

wp_postmeta table

custom fields

incomplete fix

cve-2007-3543

nvd

7.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.0%

JSON

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.

CPENameOperatorVersion
wordpress:wordpresswordpressle2.2.0
wordpress:wordpress_muwordpress wordpress mule1.2.2

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	2.2.0
wordpress:wordpress_mu	wordpress wordpress mu	le	1.2.2

References

osvdb.org/37294

www.buayacorp.com/files/wordpress/wordpress-advisory.html

7.4 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for CVE-2007-3544

debiancve2 prion2 ubuntucve2 cvelist2 patchstack1 cve1