CVE-2007-5988

BtiTracker 1.4.4 - RCE

Title source: llm

Description

blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user accounts, which allows remote attackers to post shoutbox entries as arbitrary users via a modified nick field.

Scores

EPSS 0.0102
EPSS Percentile 77.0%

Classification

CWE
CWE-287, CWE-264, CWE-255
Status draft

Affected Products (1)

bti-tracker/bti-tracker < 1.4.4

Timeline

Published Nov 15, 2007
Tracked Since Feb 18, 2026