Lucene search

K

MitreCVELIST:CVE-2007-0107

HistoryJan 09, 2007 - 12:00 a.m.

CVE-2007-0107

2007-01-0900:00:00

mitre

www.cve.org

1

8.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

References

osvdb.org/31579

secunia.com/advisories/23595

secunia.com/advisories/23741

security.gentoo.org/glsa/glsa-200701-10.xml

securityreason.com/securityalert/2112

wordpress.org/development/2007/01/wordpress-206/

www.hardened-php.net/advisory_022007.141.html

www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html

www.securityfocus.com/archive/1/456049/100/0/threaded

www.securityfocus.com/bid/21907

www.vupen.com/english/advisories/2007/0061

exchange.xforce.ibmcloud.com/vulnerabilities/31297

8.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

Related for CVELIST:CVE-2007-0107

nessus2 debiancve1 nvd1 cve1 prion1 patchstack1 ubuntucve1 gentoo1 openvas2 securityvulns1