PHP Remote File Inclusion Vulnerabilities in BackUpWordPress Plugin by WordPress
CVE-2007-5800

Currently unrated

Key Information:

Vendor

Wordpress
Status
BackupWordPress Plugin
Vendor
CVE Published:
3 November 2007

What is CVE-2007-5800?

The BackUpWordPress plugin for WordPress has multiple vulnerabilities that allow attackers to exploit remote file inclusion. These vulnerabilities arise in versions 0.4.2b and earlier, where the malicious injection of a URL into the bkpwp_plugin_path parameter can lead to the execution of arbitrary PHP code in files such as Archive.php, Predicate.php, Writer.php, Reader.php, and other scripts within the plugins/BackUp/Archive/ directory. This can result in severe security risks for websites utilizing this plugin.

References

http://osvdb.org/38479
vdb-entryx_refsource_OSVDB
http://wordpress.designpraxis.at/2007/11/01/security-vuln...
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3744
vdb-entryx_refsource_VUPEN

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.