CVE-2007-6318
Published 2007-12-12
CVE-2007-6318: SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s…
Priority: P3 · 46 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.16% (94.7th percentile)
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
Affected
29 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.3.2-1 (bookworm) | wordpress 2.3.2-1 (bookworm) |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
| wordpress | wordpress | — | — |
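CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |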
Red Hat
wordpress: SQL injection when certain DB charsets are used
vendor_redhat · 2007-12-10 · CVSS 6.8
CVE-2007-6318 [MEDIUM] wordpress: SQL injection when certain DB charsets are used
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
Debian
CVE-2007-6318: wordpress - SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earl...
vendor_debian · 2007 · CVSS 6.8
CVE-2007-6318 [MEDIUM] CVE-2007-6318: wordpress - SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earl...
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
Scope: local
bookworm: resolved (fixed in 2.3.2-1)
bullseye: resolved (fixed in 2.3.2-1)
forky: resolved (fixed in 2.3.2-1)
sid: resolved (fixed in 2.3.2-1)
trixie: resolved (fixed in 2.3.2-1)
GHSA
GHSA-79q4-xv4r-946x: SQL injection vulnerability in wp-includes/query
ghsa_unreviewed · 2022-05-01
CVE-2007-6318 [MEDIUM] CWE-89 GHSA-79q4-xv4r-946x: SQL injection vulnerability in wp-includes/query
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
OSV
CVE-2007-6318: SQL injection vulnerability in wp-includes/query
osv · 2007-12-12 · CVSS 6.8
CVE-2007-6318 [MEDIUM] CVE-2007-6318: SQL injection vulnerability in wp-includes/query
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
No detection rules found.
References
http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058999.html
http://secunia.com/advisories/28005
http://secunia.com/advisories/28310
http://securityreason.com/securityalert/3433
http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt
http://www.securityfocus.com/archive/1/484828/100/0/threaded
http://www.securityfocus.com/bid/26795
http://www.securitytracker.com/id?1019071
http://www.vupen.com/english/advisories/2007/4172
https://exchange.xforce.ibmcloud.com/vulnerabilities/38959
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00079.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00098.html
Published: 2007-12-12