6.8

CVE-2007-0107

Exploit

EPSS 6.94%
Veröffentlicht 09.01.2007 00:28:00
Zuletzt bearbeitet 23.04.2026 00:35:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WordPress Core <= 2.0.5 - SQL Injection

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

Mögliche Gegenmaßnahme

WordPress: Update to version 2.0.6, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 16

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress ≫ Wordpress Version <= 2.0.5

Weitere Schwachstelleninformationen

SystemWordPress Core

≫

Produkt WordPress

Version *-2.0.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.94%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/23741

http://security.gentoo.org/glsa/glsa-200701-10.xml

http://secunia.com/advisories/23595

Patch

Vendor Advisory

http://wordpress.org/development/2007/01/wordpress-206/

Patch

http://www.vupen.com/english/advisories/2007/0061

http://osvdb.org/31579

http://securityreason.com/securityalert/2112

http://www.hardened-php.net/advisory_022007.141.html

Patch

Vendor Advisory

http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html

Patch

Vendor Advisory

http://www.securityfocus.com/archive/1/456049/100/0/threaded

http://www.securityfocus.com/bid/21907

Patch

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/31297

https://www.wordfence.com/threat-intel/vulnerabilities/id/f4393526-6357-40ee-a024-f461d0430a62

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-0107

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0107

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0107

EUVD