CVE-2007-3544
Published: 2007-07-03
Priority: P4 · 28 · medium
CVSS 2.0: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
EPSS: 1.77% (75.3th percentile)
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.2.2-1 (bookworm) | wordpress 2.2.2-1 (bookworm) |
| wordpress | wordpress | <= 2.2.0 | — |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress | >= 0 < 2.2.2-1 | 2.2.2-1 |
| wordpress | wordpress_mu | <= 1.2.2 | — |
CVSS provenance
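| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 6.0 | MEDIUM | — |
| vendor_debian | — | 6.0 | MEDIUM | — |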
GHSA
GHSA-2hhx-g28r-fqwv: Unrestricted file upload vulnerability in (1) wp-app
ghsa_unreviewed · 2022-05-01 · MEDIUM · CVSS 6.0
OSV
CVE-2007-3544: Unrestricted file upload vulnerability in (1) wp-app
osv · 2007-07-03 · MEDIUM · CVSS 6.0
Debian
CVE-2007-3544: wordpress - Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in Word...
vendor_debian · 2007 · MEDIUM · CVSS 6.0
Scope: local
bookworm: resolved (fixed in 2.2.2-1)
bullseye: resolved (fixed in 2.2.2-1)
forky: resolved (fixed in 2.2.2-1)
sid: resolved (fixed in 2.2.2-1)
trixie: resolved (fixed in 2.2.2-1)
No detection rules found.
No public exploits indexed.