CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.
Affected products
n/a · n/a
Public PoCs found: 2
exploitdb: www.exploit-db.com/exploits/29702 (unverified)
exploitdb: www.exploit-db.com/exploits/29701 (unverified)
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
http://secunia.com/advisories/24374
https://exchange.xforce.ibmcloud.com/vulnerabilities/32804
https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
http://wordpress.org/development/2007/03/upgrade-212/
http://www.kb.cert.org/vuls/id/214480
http://www.kb.cert.org/vuls/id/641456
http://www.securityfocus.com/archive/1/461794/100/0/threaded
http://www.securityfocus.com/bid/22797
http://www.vupen.com/english/advisories/2007/0812