CVE-2008-2428

Name of the Vulnerable Software and Affected Versions: TorrentTrader version 1.08 Classic

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the email or wantusername parameter to the "account-signup.php" API endpoint, or the receiver parameter to the "account-inbox.php" API endpoint in a 'msg' action.

Recommendations: For TorrentTrader version 1.08 Classic, consider restricting access to the account-signup.php and account-inbox.php API endpoints until a patch is available. As a temporary workaround, avoid using the email, wantusername, and receiver parameters in these endpoints to minimize the risk of exploitation.