ID CVE-2008-6418Type cveReporter NVDModified 2018-10-11T16:57:10
Description
SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
{"id": "CVE-2008-6418", "bulletinFamily": "NVD", "title": "CVE-2008-6418", "description": "SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.", "published": "2009-03-06T13:30:00", "modified": "2018-10-11T16:57:10", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6418", "reporter": "NVD", "references": ["http://sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219", "https://exchange.xforce.ibmcloud.com/vulnerabilities/42785", "http://www.securityfocus.com/bid/29451", "http://www.securityfocus.com/archive/1/492878/100/0/threaded"], "cvelist": ["CVE-2008-6418"], "type": "cve", "lastseen": "2018-10-12T11:33:49", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:torrenttrader:torrenttrader:1.06::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.08::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.07::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.0"], "cvelist": ["CVE-2008-6418"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.", "edition": 2, "enchantments": {"score": {"modified": "2017-08-17T11:14:04", "value": 7.5, "vector": "NONE"}}, "hash": "c63cd42595eb6c5ccf542a49e9bdd5b4940b61e1fda7a355062fc2862573677f", "hashmap": [{"hash": "700e1f7433c7cef5a09f332ab3117940", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "539f668c72179b5d692c7deffadbefa8", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "4a658672c9c3dbf459b2c5131be11cb9", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "93837f1094ced4d35d057f3f4f79a87d", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5c692cef3a7abe87e5ca5f8eaf0bf9b6", "key": "title"}, {"hash": "a3efde81ab8c330adf0ed46f407ea958", "key": "modified"}, {"hash": "9e39e3989cb2a10ab32964ece0c3327d", "key": "description"}, {"hash": "c8d27b4ea21521e3e08eeaa3923600c6", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6418", "id": "CVE-2008-6418", "lastseen": "2017-08-17T11:14:04", "modified": "2017-08-16T21:29:16", "objectVersion": "1.3", "published": "2009-03-06T13:30:00", "references": ["http://sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219", "https://exchange.xforce.ibmcloud.com/vulnerabilities/42785", "http://www.securityfocus.com/archive/1/archive/1/492878/100/0/threaded", "http://www.securityfocus.com/bid/29451"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-6418", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-17T11:14:04"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:torrenttrader:torrenttrader:1.06::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.08::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.07::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.0"], "cvelist": ["CVE-2008-6418"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.", "edition": 1, "enchantments": {}, "hash": "263e9fc8a6ad33379305d1543db1c03610a681cedffabc0d276ad626b5716b7f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "539f668c72179b5d692c7deffadbefa8", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3121c35c1a608663e609933fb0216474", "key": "references"}, {"hash": "4a658672c9c3dbf459b2c5131be11cb9", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "aa3ccdf452613afffabca08d3b9e1dcc", "key": "modified"}, {"hash": "93837f1094ced4d35d057f3f4f79a87d", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5c692cef3a7abe87e5ca5f8eaf0bf9b6", "key": "title"}, {"hash": "9e39e3989cb2a10ab32964ece0c3327d", "key": "description"}, {"hash": "c8d27b4ea21521e3e08eeaa3923600c6", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6418", "id": "CVE-2008-6418", "lastseen": "2016-09-03T11:41:11", "modified": "2009-04-14T01:40:42", "objectVersion": "1.2", "published": "2009-03-06T13:30:00", "references": ["http://sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219", "http://www.securityfocus.com/archive/1/archive/1/492878/100/0/threaded", "http://www.securityfocus.com/bid/29451", "http://xforce.iss.net/xforce/xfdb/42785"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-6418", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T11:41:11"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "c8d27b4ea21521e3e08eeaa3923600c6"}, {"key": "cvelist", "hash": "539f668c72179b5d692c7deffadbefa8"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "9e39e3989cb2a10ab32964ece0c3327d"}, {"key": "href", "hash": "93837f1094ced4d35d057f3f4f79a87d"}, {"key": "modified", "hash": "4e4796ea19f1d4f320ca1e0102c0f09c"}, {"key": "published", "hash": "4a658672c9c3dbf459b2c5131be11cb9"}, {"key": "references", "hash": "99298c3390663ddcb68c3da9d00ce243"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5c692cef3a7abe87e5ca5f8eaf0bf9b6"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f5fa5449c6f74af7a5f1a136fba87149153473511cad65ca1c1221f40818699f", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-12T11:33:49"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:torrenttrader:torrenttrader:1.06::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.08::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.07::classic_edition", "cpe:/a:torrenttrader:torrenttrader:1.0"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-03T15:39:53", "osvdbidlist": ["45858"], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "TorrentTrader Classic 1.x 'scrape.php' SQL Injection Vulnerability. CVE-2008-6418. Webapps exploit for php platform", "reporter": "Charles Vaughn", "published": "2008-05-31T00:00:00", "type": "exploitdb", "title": "TorrentTrader Classic 1.x - 'scrape.php' SQL Injection Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-6418"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2008-05-31T00:00:00", "id": "EDB-ID:31866", "href": "https://www.exploit-db.com/exploits/31866/", "sourceData": "source: http://www.securityfocus.com/bid/29451/info\r\n\r\nTorrentTrader Classic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n\r\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \r\n\r\nhttp://www.example.com/scrape.php?info_hash=%22union%20select%201,1,1,1,ip%20from%20users--%20%20%20 ", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31866/"}]}
