CVE-2007-1277
N/A
N/A
Summary
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/461794/100/0/threaded
- http://www.kb.cert.org/vuls/id/214480
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32804
- http://www.securityfocus.com/bid/22797
- http://www.vupen.com/english/advisories/2007/0812
- http://wordpress.org/development/2007/03/upgrade-212/
- http://www.kb.cert.org/vuls/id/641456
- http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
- http://secunia.com/advisories/24374
References
- http://www.securityfocus.com/archive/1/461794/100/0/threaded
- http://www.kb.cert.org/vuls/id/214480
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32804
- http://www.securityfocus.com/bid/22797
- http://www.vupen.com/english/advisories/2007/0812
- http://wordpress.org/development/2007/03/upgrade-212/
- http://www.kb.cert.org/vuls/id/641456
- http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
- http://secunia.com/advisories/24374
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.