CVE-2007-6318
Published: 12 December 2007
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
Notes
Author | Note |
---|---|
jdstrand | dapper and edgy not affected according to Emanuele Gentili (emgent) |
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Not vulnerable
|
|
edgy |
Not vulnerable
|
|
feisty |
Released
(2.1.3-1ubuntu1.1)
|
|
gutsy |
Released
(2.2.2-1ubuntu1.2)
|
|
hardy |
Released
(2.3.2-1)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/181416 |