Vulnerability Details : CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Vulnerability category: SQL Injection
Products affected by CVE-2007-0107
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Threat overview for CVE-2007-0107
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2007-0107: 2
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-0107
- EPSS score: 0.74% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0107
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
References for CVE-2007-0107
- http://security.gentoo.org/glsa/glsa-200701-10.xml
  WordPress: Multiple vulnerabilities (GLSA 200701-10) — Gentoo security
- http://www.securityfocus.com/bid/21907
  Exploit; Patch
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
  Patch; Vendor Advisory
- http://securityreason.com/securityalert/2112
  WordPress Trackback Charset Decoding SQL Injection Vulnerability - CXSecurity.com
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31297
  WordPress mbstring extension security bypass CVE-2007-0107 Vulnerability Report
- http://www.hardened-php.net/advisory_022007.141.html
  Hardened PHP - Hardened-PHP
  Patch; Vendor Advisory
- http://www.vupen.com/english/advisories/2007/0061
  Site under construction
- http://www.securityfocus.com/archive/1/456049/100/0/threaded
- http://wordpress.org/development/2007/01/wordpress-206/
  WordPress 2.0.6 – WordPress News
  Patch