CVE-2007-3691 Information

Description

Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0 when magic_quotes_gpc is disabled allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters a different issue than CVE-2007-3630.

Reference

http://attrition.org/pipermail/vim/2007-July/001705.html http://osvdb.org/36298 http://secunia.com/advisories/25969 https://exchange.xforce.ibmcloud.com/vulnerabilities/35487