ID CVE-2007-6318 Type cve Reporter NVD Modified 2017-08-07T21:29:05
Description
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
{"id": "CVE-2007-6318", "bulletinFamily": "NVD", "title": "CVE-2007-6318", "description": "SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a \"\\\" in a multibyte character.", "published": "2007-12-11T19:46:00", "modified": "2017-08-07T21:29:05", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6318", "reporter": "NVD", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html", "http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt", "http://www.vupen.com/english/advisories/2007/4172", "http://www.securityfocus.com/archive/1/archive/1/484828/100/0/threaded", "http://www.securitytracker.com/id?1019071", "http://securityreason.com/securityalert/3433", "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html", "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html", "http://www.securityfocus.com/bid/26795", "https://exchange.xforce.ibmcloud.com/vulnerabilities/38959"], "cvelist": ["CVE-2007-6318"], "type": "cve", "lastseen": "2017-08-08T11:24:23", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:wordpress:wordpress:2.2.2", "cpe:/a:wordpress:wordpress:2.2", "cpe:/a:wordpress:wordpress:2.0.10_rc1", "cpe:/a:wordpress:wordpress:2.0", "cpe:/a:wordpress:wordpress:2.1.3", "cpe:/a:wordpress:wordpress:2.1.3_rc1", "cpe:/a:wordpress:wordpress:2.0.6", "cpe:/a:wordpress:wordpress:2.3", "cpe:/a:wordpress:wordpress:2.0.7", "cpe:/a:wordpress:wordpress:2.2_revision5003", "cpe:/a:wordpress:wordpress:2.0.10", "cpe:/a:wordpress:wordpress:2.2_revision5002", "cpe:/a:wordpress:wordpress:2.0.4", "cpe:/a:wordpress:wordpress:2.1.1", "cpe:/a:wordpress:wordpress:2.0.10_rc2", "cpe:/a:wordpress:wordpress:2.0.5", "cpe:/a:wordpress:wordpress:2.1.3_rc2", "cpe:/a:wordpress:wordpress:2.2.3", "cpe:/a:wordpress:wordpress:2.1.2", "cpe:/a:wordpress:wordpress:2.0.2", "cpe:/a:wordpress:wordpress:2.2.1", "cpe:/a:wordpress:wordpress:2.0.3", "cpe:/a:wordpress:wordpress:2.0.1", "cpe:/a:wordpress:wordpress:2.3.1"], "cvelist": ["CVE-2007-6318"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a \"\\\" in a multibyte character.", "edition": 1, "enchantments": {}, "hash": "27fed9ae905bed4792cc8e4ce50e5b1798799fff47f955518a1a6c79123c5720", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "9832443981e9b73f18b77c320a72275c", "key": "href"}, {"hash": "1cbe5af76b871110c3e66b22d0d788ce", "key": "cpe"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "4a5431ab0595fa9dabb38d61215ddac1", "key": "modified"}, {"hash": "f867cc7588512365ec51dc925b926491", "key": "published"}, {"hash": "c2dcc239f93077ee331231fbf6a8c85a", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9c02e93be6e3818eb2ef7a061840b191", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "57f695ebff3556a16b0524d360309ee4", "key": "title"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5baea0d1d16ccaa28d8675b015e20079", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6318", "id": "CVE-2007-6318", "lastseen": "2016-09-03T09:50:48", "modified": "2011-03-07T22:02:24", "objectVersion": "1.2", "published": "2007-12-11T19:46:00", "references": ["https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html", "http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt", "http://www.vupen.com/english/advisories/2007/4172", "http://www.securityfocus.com/archive/1/archive/1/484828/100/0/threaded", "http://xforce.iss.net/xforce/xfdb/38959", "http://www.securitytracker.com/id?1019071", "http://securityreason.com/securityalert/3433", "http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html", "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html", "http://www.securityfocus.com/bid/26795"], "reporter": "NVD", "scanner": [], "title": "CVE-2007-6318", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T09:50:48"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "1cbe5af76b871110c3e66b22d0d788ce"}, {"key": "cvelist", "hash": "9c02e93be6e3818eb2ef7a061840b191"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "c2dcc239f93077ee331231fbf6a8c85a"}, {"key": "href", "hash": "9832443981e9b73f18b77c320a72275c"}, {"key": "modified", "hash": "313ec22612896e75aeec64350adaec75"}, {"key": "published", "hash": "f867cc7588512365ec51dc925b926491"}, {"key": "references", "hash": "cd1c219fed4db830b5b4e18e1830e038"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "57f695ebff3556a16b0524d360309ee4"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "84abf2ac080b0f2613982189c1aca2e3e047bebeb1daeaef79207f7430088a21", "viewCount": 1, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:wordpress:wordpress:2.2.2", "cpe:/a:wordpress:wordpress:2.2", "cpe:/a:wordpress:wordpress:2.0.10_rc1", "cpe:/a:wordpress:wordpress:2.0", "cpe:/a:wordpress:wordpress:2.1.3", "cpe:/a:wordpress:wordpress:2.1.3_rc1", "cpe:/a:wordpress:wordpress:2.0.6", "cpe:/a:wordpress:wordpress:2.3", "cpe:/a:wordpress:wordpress:2.0.7", "cpe:/a:wordpress:wordpress:2.2_revision5003", "cpe:/a:wordpress:wordpress:2.0.10", "cpe:/a:wordpress:wordpress:2.2_revision5002", "cpe:/a:wordpress:wordpress:2.0.4", "cpe:/a:wordpress:wordpress:2.1.1", "cpe:/a:wordpress:wordpress:2.0.10_rc2", "cpe:/a:wordpress:wordpress:2.0.5", "cpe:/a:wordpress:wordpress:2.1.3_rc2", "cpe:/a:wordpress:wordpress:2.2.3", "cpe:/a:wordpress:wordpress:2.1.2", "cpe:/a:wordpress:wordpress:2.0.2", "cpe:/a:wordpress:wordpress:2.2.1", "cpe:/a:wordpress:wordpress:2.0.3", "cpe:/a:wordpress:wordpress:2.0.1", "cpe:/a:wordpress:wordpress:2.3.1"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"osvdb": [{"id": "OSVDB:39552", "type": "osvdb", "title": "WordPress wp-includes/query.php s Variable SQL Injection", "description": "## Vulnerability Description\nWordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'wp-includes/query.php' script not properly sanitizing user-supplied input to the 's' variable when DB_CHARSET is set to character set encodings that support a \"\\\" in a multibyte character. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Manual Testing Notes\nhttp://[target]/wordpress/index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23\n## References:\nVendor URL: http://wordpress.org/\nSecurity Tracker: 1019071\n[Secunia Advisory ID:28005](https://secuniaresearch.flexerasoftware.com/advisories/28005/)\n[Secunia Advisory ID:28310](https://secuniaresearch.flexerasoftware.com/advisories/28310/)\nOther Advisory URL: http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html\nMail List Post: http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html\nISS X-Force ID: 38959\nFrSIRT Advisory: ADV-2007-4172\n[CVE-2007-6318](https://vulners.com/cve/CVE-2007-6318)\nBugtraq ID: 26795\n", "published": "2007-12-10T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:39552", "cvelist": ["CVE-2007-6318"], "lastseen": "2017-04-28T13:20:35"}], "exploitdb": [{"id": "EDB-ID:4721", "type": "exploitdb", "title": "WordPress <= 2.3.1 - Charset Remote SQL Injection Vulnerability", "description": "Wordpress <= 2.3.1 Charset Remote SQL Injection Vulnerability. CVE-2007-6318. Webapps exploit for php platform", "published": "2007-12-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/4721/", "cvelist": ["CVE-2007-6318"], "lastseen": "2016-01-31T21:36:57"}], "seebug": [{"id": "SSV:2773", "type": "seebug", "title": "WordPress wp-db.php Character Set SQL Injection Vulnerability", "description": "CVE-2007-6318\r\n\r\nWordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n\r\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \n\nWordPress WordPress 2.3.1 \r\nWordPress WordPress 2.2.3 \r\nWordPress WordPress 2.2.2 \r\nWordPress WordPress 2.2.1 \r\nWordPress WordPress 2.2.1 \r\nWordPress WordPress 2.1.3 \r\nWordPress WordPress 2.1.3 \r\nWordPress WordPress 2.1.2 \r\nWordPress WordPress 2.1.1 \r\nWordPress WordPress 2.0.10 \r\nWordPress WordPress 2.0.7 \r\nWordPress WordPress 2.0.6 \r\nWordPress WordPress 2.0.5 \r\nWordPress WordPress 2.0.4 \r\nWordPress WordPress 2.0.3 \r\nWordPress WordPress 2.0.2 \r\nWordPress WordPress 2.0.1 \r\nWordPress WordPress 2.0 \r\nWordPress WordPress 2.3\r\nWordPress WordPress 2.2 Revision 5003\r\nWordPress WordPress 2.2 Revision 5002\r\nWordPress WordPress 2.2\r\nWordPress WordPress 2.1.3-RC2\r\nWordPress WordPress 2.1.3-RC1\r\nWordPress WordPress 2.1\r\nWordPress WordPress 2.0.10-RC2\r\nWordPress WordPress 2.0.10-RC1\r\nRedHat Fedora 8 0\r\nRedHat Fedora 7 0\r\n\n \u5b98\u65b9\u6682\u65e0\r\n\u8bf7\u53c2\u9605\u53c2\u8003\u8d44\u6599\uff0c\u4e3a\u5382\u5546\u8b66\u544a\u3002", "published": "2008-01-06T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-2773", "cvelist": ["CVE-2007-6318"], "lastseen": "2017-11-19T22:02:03"}], "nessus": [{"id": "FEDORA_2008-0126.NASL", "type": "nessus", "title": "Fedora 7 : wordpress-2.3.2-1.fc7 (2008-0126)", "description": "This closes :\n\nhttp://www.blackhatdomainer.com/how-to-know-today-what-shoemoney-is-go ing-to-post-tomorrow/\n\nhttp://www.securityfocus.com/archive/1/485252/30/0/threaded\n\nhttp://trac.wordpress.org/ticket/5487\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29845", "cvelist": ["CVE-2007-6013", "CVE-2007-6318"], "lastseen": "2017-10-29T13:44:36"}, {"id": "FEDORA_2008-0103.NASL", "type": "nessus", "title": "Fedora 8 : wordpress-2.3.2-1.fc8 (2008-0103)", "description": "This closes :\n\nhttp://www.blackhatdomainer.com/how-to-know-today-what-shoemoney-is-go ing-to-post-tomorrow/\n\nhttp://www.securityfocus.com/archive/1/485252/30/0/threaded\n\nhttp://trac.wordpress.org/ticket/5487\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-04T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29843", "cvelist": ["CVE-2007-6013", "CVE-2007-6318"], "lastseen": "2017-10-29T13:43:26"}], "openvas": [{"id": "OPENVAS:860813", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2008-0103", "description": "Check for the Version of wordpress", "published": "2009-02-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860813", "cvelist": ["CVE-2007-6013", "CVE-2007-6318"], "lastseen": "2017-07-25T10:56:00"}, {"id": "OPENVAS:860301", "type": "openvas", "title": "Fedora Update for wordpress FEDORA-2008-0126", "description": "Check for the Version of wordpress", "published": "2009-02-17T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860301", "cvelist": ["CVE-2007-6013", "CVE-2007-6318"], "lastseen": "2017-07-25T10:56:19"}]}}
