Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-0107HistoryJan 09, 2007 - 12:28 a.m.
CVE-2007-0107
2007-01-0900:28:00
Debian Security Bug Tracker
security-tracker.debian.org
7
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.1%
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | wordpress | < 2.0.6-1 | wordpress_2.0.6-1_all.deb |
| Debian | 11 | all | wordpress | < 2.0.6-1 | wordpress_2.0.6-1_all.deb |
| Debian | 10 | all | wordpress | < 2.0.6-1 | wordpress_2.0.6-1_all.deb |
| Debian | 999 | all | wordpress | < 2.0.6-1 | wordpress_2.0.6-1_all.deb |
| Debian | 13 | all | wordpress | < 2.0.6-1 | wordpress_2.0.6-1_all.deb |
Related
patchstack
patchstack
WordPress <= 2.0.5 - SQL Injection
2007-01-08 00:00:00
ubuntucve
ubuntucve
CVE-2007-0107
2007-01-09 00:00:00
prion
prion
Sql injection
2007-01-09 00:28:00
nessus
nessus
WordPress Trackback Charset Decoding SQL Injection
2007-01-12 00:00:00
GLSA-200701-10 : WordPress: Multiple vulnerabilities
2007-01-17 00:00:00
cve
cve
CVE-2007-0107
2007-01-09 00:28:00
openvas
openvas
Gentoo Security Advisory GLSA 200701-10 (wordpress)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200701-10 (wordpress)
2008-09-24 00:00:00
gentoo
gentoo
WordPress: Multiple vulnerabilities
2007-01-15 00:00:00
securityvulns
securityvulns
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
77.1%
Related for DEBIANCVE:CVE-2007-0107