1. Home
  2. CVE Database
  3. CVE-2007-1277
HIGH · 7.5

CVE-2007-1277

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary comman...

Vulnerability Description

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
WordpressWordpress2.1.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2007-1277?

CVE-2007-1277 is a vulnerability with a CVSS score of 7.5 (HIGH). WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary comman...

How severe is CVE-2007-1277?

CVE-2007-1277 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1277?

Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.