CVE-2007-0107 in WordPress

Summary

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.


Reservation

01/08/2007

Disclosure

01/08/2007

CPE

ready

Exploit

Download

CVSS

7.3

EPSS

0.06942

Activities

Very Low

Sources
