CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
Affected products
n/a · n/a
Public PoCs found: 2
exploitdb: www.exploit-db.com/exploits/29702 (unverified)
exploitdb: www.exploit-db.com/exploits/29701 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
http://secunia.com/advisories/24374
https://exchange.xforce.ibmcloud.com/vulnerabilities/32804
https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
http://wordpress.org/development/2007/03/upgrade-212/
http://www.kb.cert.org/vuls/id/214480
http://www.kb.cert.org/vuls/id/641456
http://www.securityfocus.com/archive/1/461794/100/0/threaded
http://www.securityfocus.com/bid/22797
http://www.vupen.com/english/advisories/2007/0812