Sql injection
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script avtutorial 1.0, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 userid parameters, a different issue than CVE-2007-3630...