| Max CVSS | 6.8 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-0107 | 6.8 |
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charset
|
16-10-2018 - 16:31 | 09-01-2007 - 00:28 | |
| CVE-2007-0106 | 6.8 |
Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable
|
16-10-2018 - 16:31 | 09-01-2007 - 00:28 |