WordPress Charset SQL Injection Vulnerability

Details are emerging about a new vulnerability in WordPress. An unpatched flaw in WordPress may lead to SQL injection.

It was recently discovered that the search function within WordPress fails to properly sanitize input when the site uses certain character sets. Input passed to the "s" parameter in index.php (when "exact" and "sentence" are set to "1") is not properly sanitized before being used in SQL queries.

The currently known character sets which are exploitable include Big5 and GBK. Additional character sets may also be exploitable.

On its own, this attack can result in exposure of all database content without the need to authenticate. However, if combined with other exploits (such as the previous WordPress cookie authentication vulnerability), any remote user can obtain WordPress admin privileges.

Exploit code for this vulnerability has been publicly released.
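One defender-side check for the conditions described above, as an added example (not the advisory's workaround and not WordPress code): it flags search requests that carry exact=1 and sentence=1 with a term that is not well-formed in the site's declared charset. It assumes that charset is known (SITE_CHARSET) and that access-log request targets are available as strings.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote_to_bytes
# Assumption: the blog's declared charset (GBK and Big5 are the sets named above).
SITE_CHARSET = "gbk"

def parse_query(target: str) -> Dict[str, bytes]:
    """Percent-decode the query string, keeping values as raw bytes: whether
    they form valid characters depends on the charset, which is the point."""
    if "?" not in target:
        return {}
    params: Dict[str, bytes] = {}
    for pair in target.split("?", 1)[1].split("&"):
        key, _, value = pair.partition("=")
        params[unquote_to_bytes(key).decode("ascii", "replace")] = unquote_to_bytes(value)
    return params

def is_valid_in_charset(raw: bytes, charset: str = SITE_CHARSET) -> bool:
    """True if raw is a complete, well-formed byte sequence in charset."""
    try:
        raw.decode(charset, errors="strict")
    except UnicodeDecodeError:
        return False
    return True

def flag_search_request(target: str, charset: str = SITE_CHARSET) -> Optional[str]:
    """Return a reason when a request matches the advisory's conditions, else None.

    Conditions: "s" present with exact=1 and sentence=1, and a term that is not
    well-formed in the site charset. Byte-oriented escaping assumes one byte per
    character, so input that is not valid in a multibyte charset is exactly the
    case it cannot reason about, and a normal browser never sends it."""
    params = parse_query(target)
    if "s" not in params:
        return None
    if params.get("exact") != b"1" or params.get("sentence") != b"1":
        return None
    if is_valid_in_charset(params["s"], charset):
        return None
    return f"exact/sentence search with a term that is not valid {charset}"

# Constructed access-log request targets (not real traffic).
SAMPLE_TARGETS = [
    "/index.php?s=%D6%D0%CE%C4&exact=1&sentence=1",  # well-formed GBK term
    "/index.php?s=hello+world",                        # ordinary search
    "/index.php?s=%D6&exact=1&sentence=1",             # truncated multibyte char
]

def scan(targets: List[str], charset: str = SITE_CHARSET) -> List[Tuple[str, str]]:
    # Return (target, reason) for each request worth reviewing.
    return [(t, r) for t in targets for r in [flag_search_request(t, charset)] if r]
```

Pass "big5" as the charset argument for a Big5 site; the same check applies.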

While currently unpatched, workarounds do exist.

More information can be found below.

abelcheung.org advisory:

CVE-2007-6318 (candidate):

Secunia advisory:

ISS X-Force's advisory:


Posted by Nathan Heck on December 14, 2007, in Handlers Log.
