PRIOn knowledge basePRION:CVE-2008-2428Sql injection
9.2 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.9%
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.
| CPE | Name | Operator | Version |
|---|---|---|---|
| torrenttrader_classic | eq | 1.08 |
References
secunia.com/advisories/30565
secunia.com/secunia_research/2008-15/advisory/
sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219
www.securityfocus.com/archive/1/493434/100/0/threaded
www.securityfocus.com/bid/29787
www.torrenttrader.org/index.php?showtopic=8879
exchange.xforce.ibmcloud.com/vulnerabilities/43165
Related
9.2 High
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.9%