CVE Vulnerability

CVE-2007-1277

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html Exploit
http://wordpress.org/development/2007/03/upgrade-212/ Vendor Advisory
http://www.kb.cert.org/vuls/id/214480 US Government Resource
http://www.kb.cert.org/vuls/id/641456 US Government Resource
http://www.securityfocus.com/bid/22797
http://secunia.com/advisories/24374 Vendor Advisory
http://www.vupen.com/english/advisories/2007/0812
https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
https://exchange.xforce.ibmcloud.com/vulnerabilities/32804
http://www.securityfocus.com/archive/1/461794/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
Information

Published : 2007-03-05 08:19

Updated : 2018-10-16 04:37

NVD link : CVE-2007-1277

Mitre link : CVE-2007-1277

Products Affected
No products.
CWE
CWE-20