| Max CVSS | 6.8 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-0107 | 6.8 |
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charset
|
16-10-2018 - 16:31 | 09-01-2007 - 00:28 | |
| CVE-2007-0109 | 5.0 |
wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
|
16-10-2018 - 16:31 | 09-01-2007 - 00:28 | |
| CVE-2006-6808 | 6.8 |
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_des
|
29-07-2017 - 01:29 | 28-12-2006 - 21:28 |