6.8

CVE-2007-0107

Exploit

WordPress Core <= 2.0.5 - SQL Injection

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.0.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 2.0.5
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version *-2.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.36% 0.936
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/23741
http://security.gentoo.org/glsa/glsa-200701-10.xml
http://secunia.com/advisories/23595
Patch
Vendor Advisory
http://wordpress.org/development/2007/01/wordpress-206/
Patch
http://www.vupen.com/english/advisories/2007/0061
http://osvdb.org/31579
http://securityreason.com/securityalert/2112
http://www.hardened-php.net/advisory_022007.141.html
Patch
Vendor Advisory
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/456049/100/0/threaded
http://www.securityfocus.com/bid/21907
Patch
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/31297
https://www.wordfence.com/threat-intel/vulnerabilities/id/f4393526-6357-40ee-a024-f461d0430a62
Third Party Advisory