CVE

Id
26901  
CVE No.
CVE-2007-3544  
Status
Candidate  
Description
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.  
Phase
Assigned (20070703)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
274606 26901 CVE-2007-3544 MISC:http://www.buayacorp.com/files/wordpress/wordpress-advisory.html  View
274607 26901 CVE-2007-3544 OSVDB:37294  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55373 JVNDB-2007-004065 Nessus Vulnerability Scanner の Windows GUI におけるクロスサイトスクリプティングの脆弱性 Nessus Vulnerability Scanner の Windows GUI には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2007-3546 26901 4.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004065.html  View