CVE-2007-6318
published 2007-12-12

Priority: P346 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.16% (94.7th percentile)

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

Affected

29 ranges · showing 25

Vendor | Product | Version range | Fixed in
debian | wordpress | < wordpress 2.3.2-1 (bookworm) | wordpress 2.3.2-1 (bookworm)
wordpress | wordpress | |

CVSS provenance

nvd: v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv: 6.8 · MEDIUM
vendor_debian: 6.8 · LOW
vendor_redhat: 6.8 · MEDIUM