Vulnerability CVE-2007-1622 - CERT Civis.Net

Vulnerability Name:

CVE-2007-1622 (CCN-33148)

Assigned:

2007-03-17

Published:

2007-03-17

Updated:

2011-03-08

Summary:

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

3.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N)
3.1 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-1622

Source: CCN
Type: SA24567
WordPress "PHP_SELF" Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Vendor Advisory
24567

Source: SECUNIA
Type: UNKNOWN
25108

Source: MISC
Type: UNKNOWN
http://sla.ckers.org/forum/read.php?2,7935#msg-8006

Source: CCN
Type: WordPress Web site
WordPress > Blog Tool and Weblog Platform

Source: CCN
Type: Alexander Concha's Advisory
WordPress PHP_SELF Variable Handling XSS Vulnerability

Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt

Source: DEBIAN
Type: UNKNOWN
DSA-1285

Source: DEBIAN
Type: DSA-1285
wordpress -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 34348
WordPress wp-admin/vars.php PHP_SELF Parameter XSS

Source: CCN
Type: OSVDB ID: 37292
WordPress Predictable Cookie Unmoderated Comment Disclosure

Source: CCN
Type: OSVDB ID: 37296
WordPress sidebar.php query String Custom 404 XSS

Source: BID
Type: UNKNOWN
23027

Source: CCN
Type: BID-23027
WordPress PHP_Self Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-1005

Source: XF
Type: UNKNOWN
wordpress-vars-xss(33148)

Vulnerable Configuration:

Configuration 1:

cpe:/a:wordpress:wordpress:2.0:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:20115	P	DSA-1285-1 wordpress	2014-06-23
oval:org.debian:def:1285	V	several vulnerabilities	2007-05-01