Summary
This host is running TorrentTrader Classic and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to inject and execute arbitrary SQL queries via malicious SQL code, and to gain sensitive information about remote system user credentials and the database.
Impact level: Application/System
Solution
Upgrade to TorrentTrader Classic version 2.0.6 or later. For updates refer to http://sourceforge.net/projects/torrenttrader
Insight
Multiple flaws are due to improper validation of user-supplied input data to different parameters, and access to the '.php' scripts is not properly restricted.
Affected
TorrentTrader Classic version 1.09 and prior.
References
Severity
Classification
- CVE: CVE-2009-2156, CVE-2009-2157, CVE-2009-2158, CVE-2009-2159, CVE-2009-2160, CVE-2009-2161
- CVSS Base Score: 7.5
  AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Artifectx xClassified 'catid' SQL Injection Vulnerability
- AjaXplorer zoho plugin Directory Traversal Vulnerability
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities
- AWCM CMS Multiple Remote File Include Vulnerabilities