ID CVE-2007-3543
Summary Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. Successful exploitation requires valid Editor credentials and that the system is configured to allow uploads.
References
Vulnerable Configurations
  • cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:beta:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:beta:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.71:beta3:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.71:beta3:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.72:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.72:beta2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.72:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:0.711:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.2.5:a:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.2.5:a:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.3:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.6:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.6:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.6:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.6:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.7:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.8:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.8:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.9:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.9:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.9:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.9:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.10:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.10:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.10:rc3:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.10:rc3:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.11:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.11:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.0.11:rc3:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.0.11:rc3:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:beta2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:beta2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:beta3:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:beta3:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:beta4:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:beta4:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.1:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.1:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.3:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.3:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.1.3:rc3:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.1.3:rc3:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.2:-:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.2:-:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress:2.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress:2.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress_mu:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress_mu:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress_mu:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress_mu:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress_mu:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress_mu:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress_mu:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress_mu:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wordpress:wordpress_mu:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wordpress:wordpress_mu:1.2.2:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 15-11-2008 - 06:53)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bid 24642
confirm http://trac.mu.wordpress.org/changeset/1005
misc http://www.buayacorp.com/files/wordpress/wordpress-advisory.html
osvdb 37295
secunia 25794
Last major update 15-11-2008 - 06:53
Published 03-07-2007 - 20:30
Last modified 15-11-2008 - 06:53
Back to Top