CVE-2007-0107
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb · www.exploit-db.com/exploits/3095 · unverified
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/31579
http://secunia.com/advisories/23595
http://secunia.com/advisories/23741
http://security.gentoo.org/glsa/glsa-200701-10.xml
http://securityreason.com/securityalert/2112
https://exchange.xforce.ibmcloud.com/vulnerabilities/31297
http://wordpress.org/development/2007/01/wordpress-206/
http://www.hardened-php.net/advisory_022007.141.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html
http://www.securityfocus.com/archive/1/456049/100/0/threaded
http://www.securityfocus.com/bid/21907
http://www.vupen.com/english/advisories/2007/0061