CVEs-PoC/2007/CVE-2007-0347.md

### [CVE-2007-0347](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0347)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.

### POC

#### Reference
- http://securityreason.com/securityalert/2192

#### Github
No PoCs found on GitHub currently.