CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3543 – WordPress Core <= 2.2 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-3543
03 Jul 2007 — Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php. Vulnerabilidad de fichero de archivo no restringido en WordPress anterior a 2.2.1 y WordPress MU anterior a 1.2.3 permite a usuarios autenticados remot... • http://osvdb.org/37295 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2007-3544 – WordPress Core <= 2.2.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2007-3544
03 Jul 2007 — Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543. Vulnerabilidad e envío de archivo no restringido en (1) wp-app.php y (2) app.php de WordPresss 2.2.1 y WordPr... • http://osvdb.org/37294 • CWE-434: Unrestricted Upload of File with Dangerous Type •