CVE-2007-1277
WordPress Core 2.2.1 - Backdoor
Public Exploits: 3
Exploited in Wild: -
Decision: -
Descriptions
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2007-03-02 First Exploit
- 2007-03-03 CVE Published
- 2007-03-05 CVE Reserved
- 2024-08-07 CVE Updated
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-506: Embedded Malicious Code
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://www.kb.cert.org/vuls/id/214480 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/641456 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/461794/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/22797 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/0812 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32804 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32807 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/29702 | 2007-03-02 | |
https://www.exploit-db.com/exploits/29701 | 2007-03-02 | |
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/24374 | 2018-10-16 | |
http://wordpress.org/development/2007/03/upgrade-212 | 2018-10-16 |