CVE-2007-1277

{"id": "CVE-2007-1277", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-03-05T20:19:00.000", "references": [{"url": "http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24374", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://wordpress.org/development/2007/03/upgrade-212/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/214480", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.kb.cert.org/vuls/id/641456", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/461794/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22797", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0812", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32804", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32807", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php."}, {"lang": "es", "value": "WordPress 2.1.1, descargado desde algunos sitios de distribuci\u00f3n oficial durante febrero y marzo de 2007, contiene una puerta trasera introducida externamente que permite a atacantes remotos ejecutar comandos de su elecci\u00f3n mediante (1) una vulnerabilidad de inyecci\u00f3n en eval en el par\u00e1metro ix de wp-includes/feed.php, y (2) una llamada a passthru no confiable en el par\u00e1metro iz de wp-includes/theme.php."}], "lastModified": "2018-10-16T16:37:43.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A7CBC45-320E-48CF-9A63-07DDE2FB61BE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nhttp://wordpress.org/development/2007/03/upgrade-212/"}