2 matches found
CVE-2007-3691
CVE-2007-3691 affects AV Tutorial Script (avtutorial) 1.0. The changePW.php file is vulnerable to SQL injection via the parameters (1) id and (2) userid when magic_quotes_gpc is disabled, enabling remote attackers to execute arbitrary SQL commands. This is a direct vulnerability in the applicatio...
CVE-2007-3630
The CVE-2007-3630 entry concerns AV Tutorial Script (avtutorial) 1.0. The vulnerability is in changePW.php and allows remote attackers to change passwords for arbitrary users without authentication or knowledge of an old password by supplying a modified password parameter. This is a network-acces...