Lucene search

K

PRIOn knowledge basePRION:CVE-2007-0107

HistoryJan 09, 2007 - 12:28 a.m.

Sql injection

2007-01-0900:28:00

PRIOn knowledge base

www.prio-n.com

1

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.5%

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

CPENameOperatorVersion
wordpressle2.0.5

References

osvdb.org/31579

secunia.com/advisories/23595

secunia.com/advisories/23741

security.gentoo.org/glsa/glsa-200701-10.xml

securityreason.com/securityalert/2112

wordpress.org/development/2007/01/wordpress-206/

www.hardened-php.net/advisory_022007.141.html

www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html

www.securityfocus.com/archive/1/456049/100/0/threaded

www.securityfocus.com/bid/21907

www.vupen.com/english/advisories/2007/0061

exchange.xforce.ibmcloud.com/vulnerabilities/31297

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.5%

Related for PRION:CVE-2007-0107

nessus2 patchstack1 ubuntucve1 debiancve1 cve1 gentoo1 openvas2 securityvulns1