Description

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

Remediation

References

CVE-2007-6318

Related Vulnerabilities

WordPress Plugin Crisp Live Chat Cross-Site Request Forgery (0.31)

WordPress Other Vulnerability (CVE-2007-4153)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16725)

MySQL Integer Overflow or Wraparound Vulnerability (CVE-2017-3599)

WordPress Plugin Generate Child Theme Security Bypass (1.5.3)

Severity

Medium

Classification

CVE-2007-6318 CWE-138

Tags

Missing Update Known Vulnerabilities