CVE-2007-3543

Published: Jul 3, 2007Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.

Affected (2)

Products: Wordpress: Wordpress, Wordpress Mu

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wordpress Wordpress	Up to 2.2.0
Wordpress Wordpress Mu	Up to 1.2.2

References (10)

http://osvdb.org/37295

Source: cve@mitre.org

http://secunia.com/advisories/25794

Source: cve@mitre.org

Vendor Advisory

http://trac.mu.wordpress.org/changeset/1005

Source: cve@mitre.org

http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/24642

Source: cve@mitre.org

http://osvdb.org/37295

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25794

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://trac.mu.wordpress.org/changeset/1005

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24642

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.