CVE-2007-0107 Information

Feb 14, 2021 cve

Description

WordPress before 2.0.6 when mbstring is enabled for PHP decodes alternate character sets after escaping the SQL query which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets as demonstrated using UTF-7.

Reference

http://osvdb.org/31579 http://secunia.com/advisories/23595 http://secunia.com/advisories/23741 http://security.gentoo.org/glsa/glsa-200701-10.xml http://securityreason.com/securityalert/2112 http://wordpress.org/development/2007/01/wordpress-206/ http://www.hardened-php.net/advisory_022007.141.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html http://www.securityfocus.com/archive/1/456049/100/0/threaded http://www.securityfocus.com/bid/21907 http://www.vupen.com/english/advisories/2007/0061 https://exchange.xforce.ibmcloud.com/vulnerabilities/31297

Share on: