CVE Vulnerability

CVE-2007-4435

Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.torrenttrader.org/index.php?showtopic=6255
http://secunia.com/advisories/26504 Patch Vendor Advisory
http://www.torrenttrader.org/index.php?showtopic=5776
http://www.securityfocus.com/bid/25369
http://www.osvdb.org/36598
http://www.osvdb.org/36599
http://www.osvdb.org/36600
https://exchange.xforce.ibmcloud.com/vulnerabilities/36119
Configurations

Configuration 1

cpe:2.3:a:torrenttrader:torrenttrader:*:*:*:*:*:*:*:*
Information

Published : 2007-08-20 10:17

Updated : 2017-07-29 01:32

NVD link : CVE-2007-4435

Mitre link : CVE-2007-4435

Products Affected
No products.
CWE
NVD-CWE-Other