CVE-2007-0970 Information

Description

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php and unspecified parameters to other files that accept GET or POST input.

Reference

http://osvdb.org/33203 http://osvdb.org/33204 http://secunia.com/advisories/24157 http://securityreason.com/securityalert/2261 http://www.securityfocus.com/archive/1/460078/100/0/threaded http://www.securityfocus.com/bid/22559 http://www.vupen.com/english/advisories/2007/0633 https://exchange.xforce.ibmcloud.com/vulnerabilities/32490