Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.
Debian Linux Security Advisory 2179-1 - Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services.