Lucene search

K

[email protected]NVD:CVE-2007-0107

HistoryJan 09, 2007 - 12:28 a.m.

CVE-2007-0107

2007-01-0900:28:00

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

Affected configurations

NVD

Node

wordpresswordpressRange≤2.0.5

References

osvdb.org/31579

secunia.com/advisories/23595

secunia.com/advisories/23741

security.gentoo.org/glsa/glsa-200701-10.xml

securityreason.com/securityalert/2112

wordpress.org/development/2007/01/wordpress-206/

www.hardened-php.net/advisory_022007.141.html

www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html

www.securityfocus.com/archive/1/456049/100/0/threaded

www.securityfocus.com/bid/21907

www.vupen.com/english/advisories/2007/0061

exchange.xforce.ibmcloud.com/vulnerabilities/31297

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.4%

Related for NVD:CVE-2007-0107

nessus2 debiancve1 cve1 ubuntucve1 patchstack1 prion1 cvelist1 gentoo1 openvas2 securityvulns1