CVE-2007-1409: Sensitive Information Exposure in WordPress

Severity: 5.0 MEDIUM (NVD)
EPSS: 0.6% (top 30.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 10
Latest update: May 1

Description

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: wordpress/wordpress, 10 versions (+9)

🔴 Vulnerability Details (1)

GHSA: GHSA-wpqm-xjc6-mj5p: WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions (2022-05-01)

🔍 Detection Rules (6)

Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php ASCII (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php DELETE (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php UNION SELECT (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php UPDATE (2010-07-30)
Suricata: ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php INSERT (2010-07-30)

📋 Vendor Advisories (1)

Debian: CVE-2007-1409: wordpress - WordPress allows remote attackers to obtain sensitive information via a direct r... (2007)

📐 Framework References (2)

CWE: Exposure of Sensitive Information to an Unauthorized Actor
CWE: Generation of Error Message Containing Sensitive Information
CVE-2007-1409 — Sensitive Information Exposure | cvebase