Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-0107

Опубликовано: 09 янв. 2007
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8

Описание

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

edgy

ignored

end of life, was needed
feisty

not-affected

gutsy

not-affected

hardy

not-affected

intrepid

not-affected

jaunty

not-affected

karmic

not-affected

upstream

released

2.0.6

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.06324
Низкий

6.8 Medium

CVSS2

Связанные уязвимости

nvd
больше 18 лет назад

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

debian
больше 18 лет назад

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alte ...

github
больше 3 лет назад

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

EPSS

Процентиль: 91%
0.06324
Низкий

6.8 Medium

CVSS2