CVE-2007-3543
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-3543
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress自定义字段任意文件上传漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
"WordPress是一款免费的论坛Blog系统。 WordPress处理用户提交的数据时存在漏洞,远程攻击者可能利用此漏洞非授权操作文件。 WordPress允许上传有限的文件附件组,其中名称、标题等以post_type=attachment存储到了wp_posts表中,而路径和其他文件属性以名为_wp_attached_file和_wp_attachment_metadata的特殊字段被存储到了wp_postmeta表中。 WordPress还允许在正常的张贴或页面中添加自定义字段,该自定义字段也被存
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-3543
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-3543
Please Login to view more intelligence information
- http://www.buayacorp.com/files/wordpress/wordpress-advisory.htmlx_refsource_MISC
- http://trac.mu.wordpress.org/changeset/1005x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2007-3543
Same Patch Batch · n/a · 2007-07-03 · 46 CVEs total
| CVE-2007-3524 | Ripe Website Manager 多个文件包含漏洞 | |
| CVE-2007-3527 | Firebird Relational Database 2.0.0 远程拒绝服务漏洞 | |
| CVE-2007-3529 | PHPDirector 参数空值漏洞 | |
| CVE-2007-3512 | Lhaca File Archiver 缓冲区溢出漏洞 | |
| CVE-2007-3513 | Linux Kernel USBLCD内存耗尽拒绝服务漏洞 | |
| CVE-2007-3514 | Apple Safari 跨域漏洞 | |
| CVE-2007-2835 | Unicon-imc2环境变量本地缓冲区溢出漏洞 | |
| CVE-2007-2838 | GSAMBAD 不安全临时文件创建漏洞 | |
| CVE-2007-3511 | Mozilla FireFox OnKeyDown事件文件上传漏洞 | |
| CVE-2007-3525 | Ripe Website Manager 远程攻击漏洞 | |
| CVE-2007-3526 | Buddy Zone SQL注入漏洞 | |
| CVE-2007-3523 | XCMS 目录遍历漏洞 | |
| CVE-2007-3522 | sPHPell 多个文件包含漏洞 | |
| CVE-2007-3521 | ArcadeBuilder Game Portal Manager SQL注入漏洞 | |
| CVE-2007-3520 | Easybe SQL注入漏洞 | |
| CVE-2007-3519 | phpEventCalendar SQL注入漏洞 | |
| CVE-2007-3518 | HispaH YouTube Clone Script SQL注入漏洞 | |
| CVE-2007-3517 | Claroline 跨站脚本漏洞 | |
| CVE-2007-3516 | Gorki Online Santrac Sitesi 跨站脚本漏洞 | |
| CVE-2007-3515 | TotalCalendar View_Event Script SQL注入漏洞 |
Showing top 20 of 46 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2007-3543
No comments yet