cpe:/a:btiteam:btitracker:1.3.2 cpe:/a:btiteam:btitracker:1.4.1 cpe:/a:btiteam:btitracker:1.4.2 cpe:/a:btiteam:btitracker:1.4.3 cpe:/a:btiteam:btitracker:1.4.4 CVE-2007-5986 2007-11-14T19:46:00.000-05:00 2017-07-28T21:33:58.427-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-11-15T18:31:00.000-05:00 BID 26551 SECUNIA 27550 XF btitracker-unspecified-sql-injection(38415) CONFIRM http://sourceforge.net/forum/forum.php?forum_id=752472 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=552477 SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.