Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tom Willmot | Backupwordpress Plugin | <= 0.4.2b |
| Wordpress | Wordpress | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/38476
- http://osvdb.org/38477
- http://osvdb.org/38478
- http://osvdb.org/38479
- http://wordpress.designpraxis.at/2007/11/01/backupwordpress-security-release/
- http://wordpress.designpraxis.at/2007/11/01/security-vulnerability-in-backupword
- http://www.securityfocus.com/bid/26290
- http://www.vupen.com/english/advisories/2007/3744 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38212
- https://www.exploit-db.com/exploits/4593
FAQ
What is CVE-2007-5800?
CVE-2007-5800 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_pat...
How severe is CVE-2007-5800?
CVE-2007-5800 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-5800?
Check the references section above for vendor advisories and patch information. Affected products include: Tom Willmot Backupwordpress Plugin, Wordpress Wordpress.