CVE-2007-6318

Publication date 12 December 2007

Last updated 24 July 2024

Ubuntu priority

Why this priority?

Description

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
wordpress	7.10 gutsy	Fixed 2.2.2-1ubuntu1.2
	7.04 feisty	Fixed 2.1.3-1ubuntu1.1
	6.10 edgy	Not affected
	6.06 LTS dapper	Not affected

Notes

jdstrand

dapper and edgy not affected according to Emanuele Gentili (emgent)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
wordpress	Debdiff: https://bugs.launchpad.net/ubuntu/+source/wordpress/+bug/181416

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-6318

Access our resources on patching vulnerabilities