CVE-2007-1622

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/24567	Vendor Advisory
http://secunia.com/advisories/25108
http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006
http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt	Exploit Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1285
http://www.securityfocus.com/bid/23027
http://www.vupen.com/english/advisories/2007/1005

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wordpress:wordpress:2.0:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.3:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.4:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.5:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.6:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.7:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.10:::::::*
	cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.1:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*
	cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:::::::*

History

07 Nov 2023, 02:00

Type	Values Removed	Values Added
References	~~{'url': 'http://sla.ckers.org/forum/read.php?2,7935#msg-8006', 'name': 'http://sla.ckers.org/forum/read.php?2,7935#msg-8006', 'tags': [], 'refsource': 'MISC'}~~	() http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006 -

Information

Published : 2007-03-23 00:19

Updated : 2023-12-10 10:40

NVD link : CVE-2007-1622

Mitre link : CVE-2007-1622

CVE.ORG link : CVE-2007-1622

JSON object : View

Products Affected

wordpress

wordpress

CWE

NVD-CWE-Other

{"id": "CVE-2007-1622", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-03-23T00:19:00.000", "references": [{"url": "http://secunia.com/advisories/24567", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25108", "source": "cve@mitre.org"}, {"url": "http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006", "source": "cve@mitre.org"}, {"url": "http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1285", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23027", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1005", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-admin/vars.php en WordPress anterior a 2.0.10 RC2, y anterior a 2.1.3 RC2 en las series 2.1, permite a usuarios remotos validados con privlegios de tema inyectar secuencias de comandos web o HTML a trav\u00e9s de PATH_INFO en la interfaz de administrador, relacionado con el proceso regular el flujo de la expresi\u00f3n de PHP_SELF."}], "lastModified": "2023-11-07T02:00:25.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDCFE9AA-39E9-4366-AAB7-F7A891BC797E"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAF4671A-8449-438E-922B-94E5542137BC"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92F05A1F-2227-4166-807B-1BDE2EA8F245"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CF73E23-7CD0-429C-986B-5F721F1696BC"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EECE66B3-3696-4E98-AF63-DF2FB256A6FB"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E75BB382-6B47-4C6A-BF94-80443BEB1A23"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFA75368-506F-4772-B0F2-8AAECDF288F2"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDD9E5C-766F-4945-B87D-781E780AB03E"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A0CAEE-5C14-44C6-85FB-6AFDAAA1C3F2"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77D85664-E355-4A68-89EB-D5C9D0E6B916"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A3624D4-E666-4A1B-B465-714ACBA0034C"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A7CBC45-320E-48CF-9A63-07DDE2FB61BE"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "266E32CD-66FB-4E19-8091-EC748B177D8A"}, {"criteria": "cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14B0A9E4-9D09-4127-AF8B-4DA6D488E67C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}