Unrestricted File Upload Vulnerability in WordPress Products
CVE-2007-3544

Currently unrated

Key Information:

Vendor: WordPress
CVE Published: 3 July 2007

Summary

The vulnerability is an unrestricted file upload flaw in the wp-app.php and app.php files of WordPress 2.2.1 and WordPress MU 1.2.3. It allows remote authenticated users to upload malicious PHP files, which can then be executed on the server. The issue arises from inadequate controls related to the wp_postmeta table and the custom fields used in standard posts, potentially enabling unauthorized access to and execution of PHP code. This vulnerability highlights the importance of implementing strict file upload validation and security measures.
