Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6d84-ff48-vbbd

Summary WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.

Aliases

alias	CVE-2007-0107

Fixed_packages

url	pkg:deb/debian/wordpress@2.0.6-1?distro=trixie
purl	pkg:deb/debian/wordpress@2.0.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@2.0.6-1%3Fdistro=trixie

url pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/wordpress@5.7.11%2Bdfsg1-0%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-eg3u-uaqx-m7f2

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@5.7.11%252Bdfsg1-0%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/wordpress@6.1.9%2Bdfsg1-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-sjsv-4uy2-aqct

vulnerability	VCID-v95d-ak24-uqbz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.1.9%252Bdfsg1-0%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/wordpress@6.8.3%2Bdfsg1-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.8.3%252Bdfsg1-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/wordpress@6.9.4%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/wordpress@6.9.4%252Bdfsg1-1%3Fdistro=trixie

url	pkg:ebuild/www-apps/wordpress@2.0.6
purl	pkg:ebuild/www-apps/wordpress@2.0.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-apps/wordpress@2.0.6

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-0107

reference_id

reference_type

scores

value	0.06942
scoring_system	epss
scoring_elements	0.91578
published_at	2026-06-04T12:55:00Z

value	0.06942
scoring_system	epss
scoring_elements	0.9159
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-0107

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0107
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0107

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691
reference_id	405691
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405691

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3095.py
reference_id	CVE-2007-0107
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/3095.py

reference_url	https://security.gentoo.org/glsa/200701-10
reference_id	GLSA-200701-10
reference_type
scores
url	https://security.gentoo.org/glsa/200701-10

Weaknesses

Exploits

date_added	2007-01-06
description	WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2007-01-07
exploit_type	webapps
platform	php
source_date_updated	2016-09-21
data_source	Exploit-DB
source_url

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6d84-ff48-vbbd

Vulnerability Instance