7.5
CVE-2007-1277
- EPSS 27.01%
- Veröffentlicht 05.03.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:16
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core 2.2.1 - Backdoor
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.2.2, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 27.01% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
http://secunia.com/advisories/24374
http://wordpress.org/development/2007/03/upgrade-212/
http://www.kb.cert.org/vuls/id/214480
http://www.kb.cert.org/vuls/id/641456
http://www.securityfocus.com/archive/1/461794/100/0/threaded
http://www.securityfocus.com/bid/22797
http://www.vupen.com/english/advisories/2007/0812
https://exchange.xforce.ibmcloud.com/vulnerabilities/32804
https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
https://www.wordfence.com/threat-intel/vulnerabilities/id/e5539ad8-4203-4d22-9a40-0ed6e0471e19