Vulnerabilities > CVE-2007-0107 - Unspecified vulnerability in Wordpress

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
wordpress
nessus
exploit available

Summary

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

Exploit-Db

descriptionWordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit. CVE-2007-0107. Webapps exploit for php platform
idEDB-ID:3095
last seen2016-01-31
modified2007-01-07
published2007-01-07
reporterStefan Esser
sourcehttps://www.exploit-db.com/download/3095/
titleWordPress 2.0.5 - Trackback UTF-7 - Remote SQL Injection Exploit

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200701-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200701-10 (WordPress: Multiple vulnerabilities) When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in wp-login.php based upon whether or not a user exists. David Kierznowski has discovered that WordPress fails to properly sanitize recent file information in /wp-admin/templates.php before sending that information to a browser. Impact : An attacker could inject arbitrary SQL into WordPress database queries. An attacker could also determine if a WordPress user existed by trying to login as that user, better facilitating brute-force attacks. Lastly, an attacker authenticated to view the administrative section of a WordPress instance could try to edit a file with a malicious filename; this may cause arbitrary HTML or JavaScript to be executed in users
    last seen2020-06-01
    modified2020-06-02
    plugin id24208
    published2007-01-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24208
    titleGLSA-200701-10 : WordPress: Multiple vulnerabilities
  • NASL familyCGI abuses
    NASL idWORDPRESS_TRACKBACK_CHARSET_SQL_INJECTION.NASL
    descriptionThe version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can bypass the application
    last seen2020-06-01
    modified2020-06-02
    plugin id24011
    published2007-01-12
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24011
    titleWordPress Trackback Charset Decoding SQL Injection