2 matches found
CVE-2007-3691
CVE-2007-3691 affects AV Tutorial Script (avtutorial) 1.0. The changePW.php file is vulnerable to SQL injection via the parameters (1) id and (2) userid when magic_quotes_gpc is disabled, enabling remote attackers to execute arbitrary SQL commands. This is a direct vulnerability in the applicatio...
CVE-2007-3691
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script avtutorial 1.0, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 userid parameters, a different issue than CVE-2007-3630...