Launchpad CVE tracker

CVE 2007-6318

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

Related bugs and status

CVE-2007-6318 (Candidate) is related to these bugs:

Bug #181416: SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318

		In	Importance	Status
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Ubuntu)	Undecided	Invalid
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Ubuntu Dapper)	Undecided	Invalid
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Ubuntu Edgy)	Undecided	Invalid
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Ubuntu Gutsy)	Undecided	Fix Released
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Ubuntu Feisty)	Undecided	Fix Released
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Debian)	Unknown	Fix Released
181416	SQL injection vulnerability in wp-includes/query.php in WordPress CVE-2007-6318	wordpress (Ubuntu Hardy)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-6318

References