6.8
CVE-2007-6318
- EPSS 9.16%
- Veröffentlicht 12.12.2007 00:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core < 2.3.2 - SQL Injection
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.3.2, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-2.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.16% | 0.947 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
http://secunia.com/advisories/28310
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html
http://secunia.com/advisories/28005
http://securityreason.com/securityalert/3433
http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt
http://www.securityfocus.com/archive/1/484828/100/0/threaded
http://www.securityfocus.com/bid/26795
http://www.securitytracker.com/id?1019071
http://www.vupen.com/english/advisories/2007/4172
https://exchange.xforce.ibmcloud.com/vulnerabilities/38959
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad674f7-aff6-432d-9c4c-95aebf8fcf6b