CVE-2007-6318

Description

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

How to fix CVE-2007-6318

To remediate CVE-2007-6318, upgrade the affected package to a fixed version below.

• Debian/wordpress—upgrade to 2.3.2-1 or later

Is CVE-2007-6318 being exploited?

Low — EPSS is 3.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.3.2-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-6318