CVE-2007-3544 - CVE Reference - Advisories

CVE Reference: CVE-2007-3544

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3544

Description: Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.

CVE Status: Candidate

References: MISC http://www.buayacorp.com/files/wordpress/wordpress-advisory.html

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	WMNews Cross-Site Scripting Vulnerabilities

2.	Joomla Community Builder Component File Inclusion

3.	dotProject SQL Injection and Cross-Site Scripting

4.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

5.	Novell eDirectory Multiple Vulnerabilities

6.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

7.	Caudium "configvar" Insecure Temporary Files

8.	Slackware update for amarok

9.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

10.	Adium MSN SLP Message Integer Overflow Vulnerabilities