Unrated severity · NVD Advisory · Published Jan 9, 2007 · Updated Jun 16, 2026
CVE-2007-0107
Description
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.
Affected products
- cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*, range: <=2.0.5
- (no CPE), range: <2.0.6
References
- secunia.com/advisories/23595 [nvd] Patch, Vendor Advisory
- wordpress.org/development/2007/01/wordpress-206/ [nvd] Patch
- www.hardened-php.net/advisory_022007.141.html [nvd] Patch, Vendor Advisory
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.005.html [nvd] Patch, Vendor Advisory
- www.securityfocus.com/bid/21907 [nvd] Exploit, Patch
- osvdb.org/31579 [nvd]
- secunia.com/advisories/23741 [nvd]
- security.gentoo.org/glsa/glsa-200701-10.xml [nvd]
- securityreason.com/securityalert/2112 [nvd]
- www.securityfocus.com/archive/1/456049/100/0/threaded [nvd]
- www.vupen.com/english/advisories/2007/0061 [nvd]
- exchange.xforce.ibmcloud.com/vulnerabilities/31297 [nvd]