PT-2009-1890 · Torrenttrader · Torrenttrader

Publicado

2009-03-06

Atualizado

2018-10-11

CVE-2008-6418

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: TorrentTrader versions prior to 2008-05-13

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the info hash parameter in the "scrape.php" file.

Recommendations: For versions prior to 2008-05-13, update to a version released after 2008-05-13 to resolve the issue. As a temporary workaround, consider restricting access to the scrape.php file or avoiding the use of the info hash parameter until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-6418

Produtos afetados

Torrenttrader

PT-2009-1890 · Torrenttrader · Torrenttrader

CVE-2008-6418

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8