CVE-2007-0347
published 2007-01-29

Priority: P4 · 24 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.57% (87.9th percentile)
The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.

Affected

6 ranges

Vendor | Product | Version range | Fixed in
cvstrac | cvstrac | <= 2.0 |
cvstrac | cvstrac | |
cvstrac | cvstrac | |
cvstrac | cvstrac | |
cvstrac | cvstrac | |
cvstrac | cvstrac | |