Unrestricted File Upload Vulnerability in WordPress Products
CVE-2007-3543
Currently unrated
Summary
An unrestricted file upload vulnerability exists in WordPress versions prior to 2.2.1 and WordPress MU versions prior to 1.2.3. This flaw enables remote authenticated users to upload and execute arbitrary PHP code. An attacker specifies a .php filename in the _wp_attached_file metadata field during post creation, then sends the file's content along with its post_ID to critical scripts like wp-app.php or app.php. Successful exploitation could allow malicious users to take control of affected WordPress installations.