CVE-2007-2854

2007-05-2419:00:00

mitre

www.cve.org

AI Score

8.5

Confidence

Low

EPSS

0.006

Percentile

78.6%

JSON

Multiple SQL injection vulnerabilities in account_change.php in BtiTracker 1.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) style or (2) langue parameter.

References

osvdb.org/36316

secunia.com/advisories/25382

www.securityfocus.com/bid/24094

www.vupen.com/english/advisories/2007/1921

exchange.xforce.ibmcloud.com/vulnerabilities/34447

www.exploit-db.com/exploits/3970