Lucene search

[email protected]CVE-2008-2428

HistoryJun 18, 2008 - 7:41 p.m.

CVE-2008-2428

2008-06-1819:41:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

torrenttrader 1.08 classic

remote attackers

nvd

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.5%

JSON

Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.

CPENameOperatorVersion
torrenttrader:torrenttrader_classictorrenttrader torrenttrader classiceq1.08

CPE	Name	Operator	Version
torrenttrader:torrenttrader_classic	torrenttrader torrenttrader classic	eq	1.08

References

secunia.com/advisories/30565

secunia.com/secunia_research/2008-15/advisory/

sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219

www.securityfocus.com/archive/1/493434/100/0/threaded

www.securityfocus.com/bid/29787

www.torrenttrader.org/index.php?showtopic=8879

exchange.xforce.ibmcloud.com/vulnerabilities/43165

8.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.5%

JSON

Related for CVE-2008-2428

prion1 securityvulns1 cvelist1 seebug1