Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1285.NASL
HistoryMay 03, 2007 - 12:00 a.m.

Debian DSA-1285-1 : wordpress - several vulnerabilities

2007-05-0300:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

  • CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

    • CVE-2007-1893 WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to’publish a previously saved post.’

    • CVE-2007-1894 Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

    • CVE-2007-1897 SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1285. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(25152);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2007-1622", "CVE-2007-1893", "CVE-2007-1894", "CVE-2007-1897");
  script_xref(name:"DSA", value:"1285");

  script_name(english:"Debian DSA-1285-1 : wordpress - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"- CVE-2007-1622
    Cross-site scripting (XSS) vulnerability in
    wp-admin/vars.php in WordPress before 2.0.10 RC2, and
    before 2.1.3 RC2 in the 2.1 series, allows remote
    authenticated users with theme privileges to inject
    arbitrary web script or HTML via the PATH_INFO in the
    administration interface, related to loose regular
    expression processing of PHP_SELF.

  - CVE-2007-1893
    WordPress 2.1.2, and probably earlier, allows remote
    authenticated users with the contributor role to bypass
    intended access restrictions and invoke the
    publish_posts functionality, which can be used
    to'publish a previously saved post.'

  - CVE-2007-1894
    Cross-site scripting (XSS) vulnerability in
    wp-includes/general-template.php in WordPress before
    20070309 allows remote attackers to inject arbitrary web
    script or HTML via the year parameter in the wp_title
    function.

  - CVE-2007-1897
    SQL injection vulnerability in xmlrpc.php in WordPress
    2.1.2, and probably earlier, allows remote authenticated
    users to execute arbitrary SQL commands via a string
    parameter value in an XML RPC mt.setPostCategories
    method call, related to the post_id variable."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-1622"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-1893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-1894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2007-1897"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2007/dsa-1285"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wordpress package.

For the stable distribution (etch) these issues have been fixed in
version 2.0.10-1.

For the testing and unstable distributions (lenny and sid,
respectively), these issues have been fixed in version 2.1.3-1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"4.0", prefix:"wordpress", reference:"2.0.10-1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxwordpressp-cpe:/a:debian:debian_linux:wordpress
debiandebian_linux4.0cpe:/o:debian:debian_linux:4.0

Related

osv 1
debian 2
openvas 1
patchstack 4
cve 7
ubuntucve 7
debiancve 7
prion 7
wpvulndb 1
securityvulns 2
osv
osv
wordpress
2007-05-01 00:00:00
debian
debian
[SECURITY] [DSA 1285-1] New wordpress packages fix multiple vulnerabilities
2007-05-01 18:03:33
[SECURITY] [DSA 1285-1] New wordpress packages fix multiple vulnerabilities
2007-05-01 18:03:33
openvas
openvas
Debian: Security Advisory (DSA-1285-1)
2023-03-08 00:00:00
patchstack
patchstack
WordPress <= 2.1.2 RC2 - XSS
2007-03-22 00:00:00
WordPress <= 2.0.10 - XSS
2007-04-09 00:00:00
WordPress <= 2.1.2 - Security BYPASS
2007-04-09 00:00:00
cve
cve
CVE-2007-1622
2007-03-23 00:19:00
CVE-2007-1894
2007-04-09 20:19:00
CVE-2007-1893
2007-04-09 20:19:00
ubuntucve
ubuntucve
CVE-2007-1894
2007-04-09 00:00:00
CVE-2007-1622
2007-03-23 00:00:00
CVE-2007-1893
2007-04-09 00:00:00
debiancve
debiancve
CVE-2007-1622
2007-03-23 00:19:00
CVE-2007-1894
2007-04-09 20:19:00
CVE-2007-1893
2007-04-09 20:19:00
prion
prion
Design/Logic Flaw
2007-04-09 20:19:00
Cross site scripting
2007-04-09 20:19:00
Cross site scripting
2007-03-23 00:19:00
wpvulndb
wpvulndb
WordPress 2.1.2 - Authenticated XMLRPC SQL Injection
2014-08-01 00:00:00
securityvulns
securityvulns
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-04-05 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2007-03-25 00:00:00
JSON
Related for DEBIAN_DSA-1285.NASL
osv1debian2openvas1patchstack4cve7ubuntucve7debiancve7prion7wpvulndb1securityvulns2