
CVE-2007-6318

Published: 12/12/2007 Updated: 15/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
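The charset condition in the summary can be checked mechanically. The following is an added example, not code from the advisory or from WordPress: it uses Python codec names as stand-ins for the database charset names, and `bytewise_escape` is a simplified, hypothetical model of escaping that works on bytes without knowing the connection charset.

```python
# Added example: audit which charsets let 0x5C ("\") act as the trailing
# byte of a multibyte character, the condition named in the summary.
BACKSLASH, QUOTE = 0x5C, 0x27

def backslash_trail_leads(charset):
    """Return lead bytes that combine with 0x5C into ONE character."""
    leads = []
    for lead in range(0x80, 0x100):
        try:
            text = bytes([lead, BACKSLASH]).decode(charset)
        except UnicodeDecodeError:
            continue  # lead + 0x5C is not a valid sequence in this charset
        if len(text) == 1:  # the backslash was absorbed as a trail byte
            leads.append(lead)
    return leads

def is_risky(charset):
    """True if the charset has multibyte characters ending in 0x5C."""
    return bool(backslash_trail_leads(charset))

def bytewise_escape(raw):
    """Hypothetical model of charset-unaware escaping: prefix ' and \\ with \\."""
    out = bytearray()
    for b in raw:
        if b in (QUOTE, BACKSLASH):
            out.append(BACKSLASH)
        out.append(b)
    return bytes(out)

def escaped_quote_left_bare(charset):
    """True if, after bytewise escaping, the database-side decoding of
    lead + quote still ends in a quote with no backslash character before it."""
    leads = backslash_trail_leads(charset)
    if not leads:
        return False
    escaped = bytewise_escape(bytes([leads[0], QUOTE]))  # constructed sample
    text = escaped.decode(charset)
    return text.endswith("'") and "\\" not in text

if __name__ == "__main__":
    # Constructed list of charset names to audit.
    for name in ("big5", "gbk", "sjis", "utf8", "latin1"):
        print(f"{name:8} risky={is_risky(name)!s:5} "
              f"quote_left_bare={escaped_quote_left_bare(name)}")
```

Charsets reported as risky need escaping that is aware of the connection charset, or parameterized queries, rather than byte-level backslash insertion.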

Vulnerable Product

wordpress wordpress 2.0.10

wordpress wordpress 2.0.10_rc1

wordpress wordpress 2.0.7

wordpress wordpress 2.1.1

wordpress wordpress 2.2.3

wordpress wordpress 2.2_revision5002

wordpress wordpress 2.0

wordpress wordpress 2.0.1

wordpress wordpress 2.0.5

wordpress wordpress 2.0.6

wordpress wordpress 2.2.1

wordpress wordpress 2.2.2

wordpress wordpress 2.0.3

wordpress wordpress 2.0.4

wordpress wordpress 2.1.3_rc1

wordpress wordpress 2.1.3_rc2

wordpress wordpress 2.2

wordpress wordpress 2.3.1

wordpress wordpress 2.0.10_rc2

wordpress wordpress 2.0.2

wordpress wordpress 2.1.2

wordpress wordpress 2.1.3

wordpress wordpress 2.2_revision5003

wordpress wordpress 2.3

Exploits

=== WordPress Charset SQL Injection Vulnerability ===

Release date: 2007-12-10
Last modified: 2007-12-12
Source: Abel Cheung <abelcheung at gmail dot com>
Affected version: WordPress <= 2.3.1
Exploit type: Remote
Risk: Moderate
CVE: pending
Reference: www.abelcheung.org/advisory/20071210-wordpress-charset.txt

1 Summary
2 Detail
...