Lucene search

[email protected]CVE-2007-6318

HistoryDec 12, 2007 - 12:46 a.m.

CVE-2007-6318

2007-12-1200:46:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2007-6318

sql injection

wordpress 2.3.1

security vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "" in a multibyte character.

Affected configurations

NVD

Node

wordpresswordpressMatch2.0

wordpresswordpressMatch2.0.1

wordpresswordpressMatch2.0.2

wordpresswordpressMatch2.0.3

wordpresswordpressMatch2.0.4

wordpresswordpressMatch2.0.5

wordpresswordpressMatch2.0.6

wordpresswordpressMatch2.0.7

wordpresswordpressMatch2.0.10

wordpresswordpressMatch2.0.10_rc1

wordpresswordpressMatch2.0.10_rc2

wordpresswordpressMatch2.1.1

wordpresswordpressMatch2.1.2

wordpresswordpressMatch2.1.3

wordpresswordpressMatch2.1.3_rc1

wordpresswordpressMatch2.1.3_rc2

wordpresswordpressMatch2.2

wordpresswordpressMatch2.2.1

wordpresswordpressMatch2.2.2

wordpresswordpressMatch2.2.3

wordpresswordpressMatch2.2_revision5002

wordpresswordpressMatch2.2_revision5003

wordpresswordpressMatch2.3

wordpresswordpressMatch2.3.1

CPENameOperatorVersion
wordpress:wordpresswordpresseq2.0
wordpress:wordpresswordpresseq2.0.1
wordpress:wordpresswordpresseq2.0.2
wordpress:wordpresswordpresseq2.0.3
wordpress:wordpresswordpresseq2.0.4
wordpress:wordpresswordpresseq2.0.5
wordpress:wordpresswordpresseq2.0.6
wordpress:wordpresswordpresseq2.0.7
wordpress:wordpresswordpresseq2.0.10
wordpress:wordpresswordpresseq2.0.10_rc1

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	eq	2.0
wordpress:wordpress	wordpress	eq	2.0.1
wordpress:wordpress	wordpress	eq	2.0.2
wordpress:wordpress	wordpress	eq	2.0.3
wordpress:wordpress	wordpress	eq	2.0.4
wordpress:wordpress	wordpress	eq	2.0.5
wordpress:wordpress	wordpress	eq	2.0.6
wordpress:wordpress	wordpress	eq	2.0.7
wordpress:wordpress	wordpress	eq	2.0.10
wordpress:wordpress	wordpress	eq	2.0.10_rc1