CVE-2007-3543
Published: 2007-07-03
Priority: P4, 30, medium; CVSS 2.0: 6
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
EPSS: 1.65% (73.6th percentile)
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.2.1-1 (bookworm) | wordpress 2.2.1-1 (bookworm) |
| debian | wordpress | < wordpress 2.2.2-1 (bookworm) | wordpress 2.2.2-1 (bookworm) |
| wordpress | wordpress | <= 2.2.0 | — |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1 |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1 |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1 |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.1-1 | 2.2.1-1 |
| wordpress | wordpress_mu | <= 1.2.2 | — |
CVSS provenance
nvd: v2.0, 6.0 MEDIUM, AV:N/AC:M/Au:S/C:P/I:P/A:P
osv: 6.0 MEDIUM
vendor_debian: 6.0 MEDIUM
Debian
CVE-2007-3543: wordpress - Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress M...
vendor_debian·2007·CVSS 6.0
CVE-2007-3543 [MEDIUM] CVE-2007-3543: wordpress - Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress M...
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Scope: local
bookworm: resolved (fixed in 2.2.1-1)
bullseye: resolved (fixed in 2.2.1-1)
forky: resolved (fixed in 2.2.1-1)
sid: resolved (fixed in 2.2.1-1)
trixie: resolved (fixed in 2.2.1-1)
Debian
CVE-2007-3544: wordpress - Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in Word...
vendor_debian·2007·CVSS 6.0
CVE-2007-3544 [MEDIUM] CVE-2007-3544: wordpress - Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in Word...
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
Scope: local
bookworm: resolved (fixed in 2.2.2-1)
bullseye: resolved (fixed in 2.2.2-1)
forky: resolved (fixed in 2.2.2-1)
sid: resolved (fixed in 2.2.2-1)
trixie: resolved (fixed in 2.2.2-1)
GHSA
GHSA-mv47-qh9x-3pwh: Unrestricted file upload vulnerability in WordPress before 2
ghsa_unreviewed·2022-05-01
CVE-2007-3543 [MEDIUM] GHSA-mv47-qh9x-3pwh: Unrestricted file upload vulnerability in WordPress before 2
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
GHSA
GHSA-2hhx-g28r-fqwv: Unrestricted file upload vulnerability in (1) wp-app
ghsa_unreviewed·2022-05-01·CVSS 6.0
CVE-2007-3544 [MEDIUM] GHSA-2hhx-g28r-fqwv: Unrestricted file upload vulnerability in (1) wp-app
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
OSV
CVE-2007-3544: Unrestricted file upload vulnerability in (1) wp-app
osv·2007-07-03·CVSS 6.0
CVE-2007-3544 [MEDIUM] CVE-2007-3544: Unrestricted file upload vulnerability in (1) wp-app
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
OSV
CVE-2007-3543: Unrestricted file upload vulnerability in WordPress before 2
osv·2007-07-03·CVSS 6.0
CVE-2007-3543 [MEDIUM] CVE-2007-3543: Unrestricted file upload vulnerability in WordPress before 2
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
No detection rules found.
References
http://osvdb.org/37295
http://secunia.com/advisories/25794
http://trac.mu.wordpress.org/changeset/1005
http://www.buayacorp.com/files/wordpress/wordpress-advisory.html
http://www.securityfocus.com/bid/24642
Published: 2007-07-03