Lucene search

K

PRIOn knowledge basePRION:CVE-2007-1277

HistoryMar 05, 2007 - 8:19 p.m.

Design/Logic Flaw

2007-03-0520:19:00

PRIOn knowledge base

www.prio-n.com

5

AI Score

7.9

Confidence

Low

EPSS

0.963

Percentile

99.6%

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

References

secunia.com/advisories/24374

wordpress.org/development/2007/03/upgrade-212/

www.kb.cert.org/vuls/id/214480

www.kb.cert.org/vuls/id/641456

www.securityfocus.com/archive/1/461794/100/0/threaded

www.securityfocus.com/bid/22797

www.vupen.com/english/advisories/2007/0812

exchange.xforce.ibmcloud.com/vulnerabilities/32804

exchange.xforce.ibmcloud.com/vulnerabilities/32807

ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html

AI Score

7.9

Confidence

Low

EPSS

0.963

Percentile

99.6%

Related for PRION:CVE-2007-1277

nvd1 cvelist1 wpvulndb1 cve1 patchstack1 wpexploit1 nessus1 cert2 debiancve1 ubuntucve1 checkpoint_advisories1 securityvulns1