2
Candidate: CVE-2007-0107
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0107
6
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate
7
character sets after escaping the SQL query, which allows remote attackers
8
to bypass SQL injection protection schemes and execute arbitrary SQL
9
commands via multibyte charsets, as demonstrated using UTF-7.
13
dapper_wordpress: ignored (reached end-of-life)
14
edgy_wordpress: needed (reached end-of-life)
15
feisty_wordpress: not-affected
16
gutsy_wordpress: not-affected
17
hardy_wordpress: not-affected
18
intrepid_wordpress: not-affected
19
jaunty_wordpress: not-affected
20
karmic_wordpress: not-affected
21
devel_wordpress: not-affected
22
upstream_wordpress: released (2.0.6)