CVE-2007-0107
N/A
N/A
Summary
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31297
- http://www.securityfocus.com/bid/21907
- http://secunia.com/advisories/23741
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
- http://security.gentoo.org/glsa/glsa-200701-10.xml
- http://osvdb.org/31579
- http://wordpress.org/development/2007/01/wordpress-206/
- http://secunia.com/advisories/23595
- http://www.securityfocus.com/archive/1/456049/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0061
- http://www.hardened-php.net/advisory_022007.141.html
- http://securityreason.com/securityalert/2112
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31297
- http://www.securityfocus.com/bid/21907
- http://secunia.com/advisories/23741
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
- http://security.gentoo.org/glsa/glsa-200701-10.xml
- http://osvdb.org/31579
- http://wordpress.org/development/2007/01/wordpress-206/
- http://secunia.com/advisories/23595
- http://www.securityfocus.com/archive/1/456049/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0061
- http://www.hardened-php.net/advisory_022007.141.html
- http://securityreason.com/securityalert/2112
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.