PT-2007-1818 · Cvstrac · Cvstrac

Published: 2007-01-29 · Updated: 2018-10-16 · CVE-2007-0347

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: CVSTrac versions prior to 2.0.1
Description: The issue arises from the is_eow function in format.c, which fails to properly check for the ' (quote) character. This allows remote authenticated users to perform limited SQL injection, potentially causing a denial of service (database error) by including a ' character in certain messages, tickets, or Wiki entries.
Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue.


Related Identifiers: CVE-2007-0347

Affected Products: Cvstrac