Lucene search

K
cve[email protected]CVE-2007-0107
HistoryJan 09, 2007 - 12:28 a.m.

CVE-2007-0107

2007-01-0900:28:00
NVD-CWE-Other
web.nvd.nist.gov
43
wordpress
sql injection
cve-2007-0107
mbstring
php
utf-7
nvd

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

CPENameOperatorVersion
wordpress:wordpresswordpressle2.0.5

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.2%