CVE

CVE-2007-0107
Date: (C)2007-01-08   (M)2023-12-22


WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/456049/100/0/threaded
SREASON-2112
BID-21907
SECUNIA-23595
SECUNIA-23741
OSVDB-31579
ADV-2007-0061
GLSA-200701-10
OpenPKG-SA-2007.005
http://wordpress.org/development/2007/01/wordpress-206/
http://www.hardened-php.net/advisory_022007.141.html
wordpress-mbstring-security-bypass(31297)

CPE    1
cpe:/a:wordpress:wordpress

© SecPod Technologies