WordPress prior to 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote malicious users to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wordpress wordpress |