Published: 09/01/2007 Updated: 16/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

WordPress prior to 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote malicious users to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress

Debian Bug report logs - #405691 wordpress: new upstream: 206 Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Kees Cook <kees@outfluxnet> Date: Fri, 5 Jan 2007 17:18:21 UTC Severity: grave Tags: security Fo ...

#!/usr/bin/python ####################################################################### # _ _ _ _ ___ _ _ ___ # | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ # | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ # |_||_|\__,_||_| \__,_|\___||_||_|\___|\__,_| | ...

NVD-CWE-Other http://www.hardened-php.net/advisory_022007.141.html http://wordpress.org/development/2007/01/wordpress-206/http://www.securityfocus.com/bid/21907 http://secunia.com/advisories/23595 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html http://security.gentoo.org/glsa/glsa-200701-10.xml http://secunia.com/advisories/23741 http://securityreason.com/securityalert/2112 http://osvdb.org/31579 http://www.vupen.com/english/advisories/2007/0061 https://exchange.xforce.ibmcloud.com/vulnerabilities/31297 http://www.securityfocus.com/archive/1/456049/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691 https://nvd.nist.gov https://www.exploit-db.com/exploits/3095/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0107

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect