CVE-2007-3543 - Vulnerability Details - OpenCVE

Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01203.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress Subscribe	Wordpress Subscribe Wordpress Mu Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:wordpress:wordpress::::::::
	cpe:2.3:a:wordpress:wordpress_mu::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-3527	Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/37295
http://secunia.com/advisories/25794
http://trac.mu.wordpress.org/changeset/1005
http://www.buayacorp.com/files/wordpress/wordpress-advisory.html
http://www.securityfocus.com/bid/24642

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-03T20:00:00

Updated: 2024-08-07T14:21:36.337Z

Reserved: 2007-07-03T00:00:00

Link: CVE-2007-3543

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-07-03T20:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3543

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25794", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25794"}, {"name": "24642", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24642"}, {"name": "37295", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37295"}, {"tags": ["x_refsource_MISC"], "url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.mu.wordpress.org/changeset/1005"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25794", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25794"}, {"name": "24642", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24642"}, {"name": "37295", "refsource": "OSVDB", "url": "http://osvdb.org/37295"}, {"name": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html", "refsource": "MISC", "url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"}, {"name": "http://trac.mu.wordpress.org/changeset/1005", "refsource": "CONFIRM", "url": "http://trac.mu.wordpress.org/changeset/1005"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:21:36.337Z"}, "title": "CVE Program Container", "references": [{"name": "25794", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25794"}, {"name": "24642", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24642"}, {"name": "37295", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37295"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.mu.wordpress.org/changeset/1005"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3543", "datePublished": "2007-07-03T20:00:00", "dateReserved": "2007-07-03T00:00:00", "dateUpdated": "2024-08-07T14:21:36.337Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C80C0E7-DDB3-4BA4-866C-1C2ED8F4B012", "versionEndIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress_mu:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F1117E2-98ED-4215-BEAD-643BC6370C8F", "versionEndIncluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php."}, {"lang": "es", "value": "Vulnerabilidad de fichero de archivo no restringido en WordPress anterior a 2.2.1 y WordPress MU anterior a 1.2.3 permite a usuarios autenticados remotos subir y ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un post en el que se especifica un nombre de fichero .php en el campo de meta datos _wp_attached_file; entonces se env\u00eda el contenido del fichero, junto con su valor post_ID, a (1) wp-app.php o (2) app.php."}], "evaluatorImpact": "Successful exploitation requires valid Editor credentials and that the system is configured to allow uploads.", "id": "CVE-2007-3543", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-03T20:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37295"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25794"}, {"source": "cve@mitre.org", "url": "http://trac.mu.wordpress.org/changeset/1005"}, {"source": "cve@mitre.org", "url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37295"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://trac.mu.wordpress.org/changeset/1005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24642"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}