6.8
CVE-2007-0107
- EPSS 7.36%
- Veröffentlicht 09.01.2007 00:28:00
- Zuletzt bearbeitet 16.06.2026 22:34:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 2.0.5 - SQL Injection
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.0.6, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.36% | 0.936 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/23741
http://security.gentoo.org/glsa/glsa-200701-10.xml
http://secunia.com/advisories/23595
http://wordpress.org/development/2007/01/wordpress-206/
http://www.vupen.com/english/advisories/2007/0061
http://osvdb.org/31579
http://securityreason.com/securityalert/2112
http://www.hardened-php.net/advisory_022007.141.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
http://www.securityfocus.com/archive/1/456049/100/0/threaded
http://www.securityfocus.com/bid/21907
https://exchange.xforce.ibmcloud.com/vulnerabilities/31297
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4393526-6357-40ee-a024-f461d0430a62