Vulnerabilities > CVE-2007-1622 - Unspecified vulnerability in Wordpress
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
Vulnerable Configurations
Exploit-Db
description | WordPress 2.x PHP_Self Cross-Site Scripting Vulnerability. CVE-2007-1622. Webapps exploit for php platform |
id | EDB-ID:29754 |
last seen | 2016-02-03 |
modified | 2007-03-19 |
published | 2007-03-19 |
reporter | Alexander Concha |
source | https://www.exploit-db.com/download/29754/ |
title | WordPress 2.x - PHP_Self Cross-Site Scripting Vulnerability |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1285.NASL |
description | - CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. - CVE-2007-1893 WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25152 |
published | 2007-05-03 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25152 |
title | Debian DSA-1285-1 : wordpress - several vulnerabilities |
code |
|
References
- http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt
- http://secunia.com/advisories/24567
- http://www.debian.org/security/2007/dsa-1285
- http://secunia.com/advisories/25108
- http://www.securityfocus.com/bid/23027
- http://www.vupen.com/english/advisories/2007/1005
- http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006