PT-2007-2694 · WordPress · Wordpress
Published
2007-03-05
·
Updated
2018-10-16
·
CVE-2007-1277
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WordPress version 2.1.1
Description
The issue allows remote attackers to execute arbitrary commands. This is achieved through an eval injection vulnerability in the
ix parameter to "wp-includes/feed.php" and an untrusted passthru call in the iz parameter to "wp-includes/theme.php".Recommendations
For WordPress version 2.1.1, consider removing or restricting access to the affected files "wp-includes/feed.php" and "wp-includes/theme.php" to minimize the risk of exploitation. Avoid using the
ix and iz parameters in the respective API endpoints until the issue is resolved.Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wordpress