Lucene search

Torrenttrader / Torrenttrader Classic

8 matches found

CVE
added 2009/06/22 7:30 p.m. | 39 views

CVE-2009-2156

Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the loggi...

CVSS 3.5 | AI score 6.5 | EPSS 0.00726

CVE
added 2009/06/22 7:30 p.m. | 39 views

CVE-2009-2161

Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name.

CVSS 5.1 | AI score 7.7 | EPSS 0.07337

CVE
added 2009/06/22 7:30 p.m. | 38 views

CVE-2009-2157

Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the ...

CVSS 6.5 | AI score 8 | EPSS 0.02499

CVE
added 2009/06/22 7:30 p.m. | 38 views

CVE-2009-2159

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.

CVSS 6.4 | AI score 7.5 | EPSS 0.05227

CVE
added 2009/06/22 7:30 p.m. | 37 views

CVE-2009-2160

TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php.

CVSS 5 | AI score 7.3 | EPSS 0.07338

CVE
added 2008/03/06 12:44 a.m. | 35 views

CVE-2008-1173

Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS 4.3 | AI score 5.7 | EPSS 0.00399

CVE
added 2008/06/18 7:41 p.m. | 32 views

CVE-2008-2428

Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.

CVSS 6.8 | AI score 8.5 | EPSS 0.00661

CVE
added 2008/03/06 12:44 a.m. | 29 views

CVE-2008-1172

Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages.

CVSS 4.3 | AI score 7.1 | EPSS 0.00129