CVE-2007-3544 — Unrestricted File Upload in Wordpress

5 documents5 sources

Severity

6.5MEDIUMNVD

OSV6.0

EPSS

1.2%

top 20.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Wordpress MU

Timeline

PublishedJul 3

Latest updateMay 1

Description

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/wordpress< wordpress 2.2.2-1 (bookworm)

▶Debianwordpress/wordpress< 2.2.2-1+3

▶NVDwordpress/wordpress2.2.0

▶NVDwordpress/wordpress_mu1.2.2

🔴Vulnerability Details

GHSA

GHSA-2hhx-g28r-fqwv: Unrestricted file upload vulnerability in (1) wp-app↗2022-05-01

▶

OSV

CVE-2007-3544: Unrestricted file upload vulnerability in (1) wp-app↗2007-07-03

▶

📋Vendor Advisories

Debian

CVE-2007-3544: wordpress - Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in Word...↗2007

▶

💬Community

Bugzilla

Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities↗2007-06-21

▶