WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
osvdb.org/31579
secunia.com/advisories/23595
secunia.com/advisories/23741
security.gentoo.org/glsa/glsa-200701-10.xml
securityreason.com/securityalert/2112
wordpress.org/development/2007/01/wordpress-206/
www.hardened-php.net/advisory_022007.141.html
www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
www.securityfocus.com/archive/1/456049/100/0/threaded
www.securityfocus.com/bid/21907
www.vupen.com/english/advisories/2007/0061
exchange.xforce.ibmcloud.com/vulnerabilities/31297