CVE-2007-3544
WordPress < 2.2.0 and WordPress MU < 1.2.2 - Authenticated Arbitrary File Upload
Title source: llmDescription
Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://www.buayacorp.com/files/wordpress/wordpress-advisory.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/37294
Scores
EPSS
0.0123
EPSS Percentile
79.4%
Details
Status
published
Products (2)
wordpress/wordpress
< 2.2.0
wordpress/wordpress_mu
< 1.2.2
Published
Jul 03, 2007
Tracked Since
Feb 18, 2026