Vulnerability CVE-2007-3544

Vulnerability Name:

CVE-2007-3544 (CCN-35061)

Assigned:

2007-06-23

Published:

2007-06-23

Updated:

2013-09-08

Summary:

Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts.
Note: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.

CVSS v3 Severity:

4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2007-3543

Source: MITRE
Type: CNA
CVE-2007-3544

Source: CCN
Type: WordPress multi-user (MU) Web site
WordPress MU > Home

Source: OSVDB
Type: UNKNOWN
37294

Source: CCN
Type: SA25794
WordPress Custom Field PHP Script Upload

Source: CCN
Type: WordPress Web site
WordPress › Blog Tool and Weblog Platform

Source: CCN
Type: Buayacorp Web site
Arbitrary File Upload Vulnerability in WordPress and WordPress MU

Source: MISC
Type: UNKNOWN
http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

Source: CCN
Type: OSVDB ID: 37294
WordPress / MU Multiple Script Unrestricted File Upload

Source: CCN
Type: OSVDB ID: 37295
WordPress / MU _wp_attached_file Metadata Unrestricted File Upload

Source: CCN
Type: BID-24642
WordPress Custom Field Arbitrary File Upload Vulnerability

Source: XF
Type: UNKNOWN
wordpress-wpapp-file-upload(35061)

Vulnerable Configuration:

Configuration 1:

cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:* (Version <= 2.2.0)

OR cpe:/a:wordpress:wordpress_mu:*:*:*:*:*:*:*:* (Version <= 1.2.2)

Configuration CCN 1:

cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

Denotes that component is vulnerable

BACK