CVE-2007-3691

Name of the Vulnerable Software and Affected Versions AV Tutorial Script (avtutorial) version 1.0

Description The issue is related to SQL injection vulnerabilities in the changePW.php file. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands via the id and userid parameters.

Recommendations For AV Tutorial Script (avtutorial) version 1.0, consider disabling the changePW.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the id and userid parameters in the changePW.php file until the issue is resolved.