PT-2007-5707 · Torrenttrader · Torrenttrader
Steven M. Christey · Published 2007-08-25 · Updated 2009-02-05 · CVE-2007-4536
CVSS v2.0: 4.6 (Medium)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
TorrentTrader versions 1.07 and earlier
Description
The issue allows attackers to execute arbitrary PHP code by modifying certain files, specifically disclaimer.txt, sponsors.txt, and banners.txt, which are used in an include call. These files are set with insecure permissions in the root directory. There is a possibility of local attack vectors that could extend the vulnerability to other files.
Recommendations
For TorrentTrader versions 1.07 and earlier, consider restricting access to the disclaimer.txt, sponsors.txt, and banners.txt files until a fix is available. As a temporary workaround, review and secure the permissions of these files to prevent unauthorized modifications. Additionally, monitor the system for any signs of local attack vectors that could exploit this issue.
Fix
Related Identifiers
Affected Products
Torrenttrader
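The permission review described under Recommendations, as an added example that is not part of the advisory or of TorrentTrader itself: it flags the three included files when they are group- or world-writable, are symlinks, or already contain a PHP open tag, and removes the extra write bits. The directory argument, the report labels and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not TorrentTrader code. The three file names come from the
# advisory; the directory passed in and the report labels are assumptions.
TT_FILES="disclaimer.txt sponsors.txt banners.txt"

# Report risky state of the included files under DIR.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_tt_includes() {
    dir=$1; rc=0
    for f in $TT_FILES; do
        p="$dir/$f"
        [ -e "$p" ] || [ -L "$p" ] || continue
        if [ -L "$p" ]; then
            # A symlink lets whoever controls the target control the include.
            echo "SYMLINK $p"; rc=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            # Group- or world-writable: other local accounts can edit it.
            echo "WRITABLE $p"; rc=1
        fi
        # include runs anything after a PHP open tag, even in a .txt file.
        if grep -qF '<?' "$p" 2>/dev/null; then
            echo "PHP-TAG $p"; rc=1
        fi
    done
    return $rc
}

# Workaround from the advisory: remove group/world write access.
harden_tt_includes() {
    for f in $TT_FILES; do
        if [ -f "$1/$f" ] && [ ! -L "$1/$f" ]; then chmod go-w "$1/$f"; fi
    done
}

# Demo on a constructed directory (sample data, not from a real site).
demo() {
    d=$(mktemp -d)
    echo 'Site disclaimer' > "$d/disclaimer.txt"
    echo 'Sponsor <?php echo 1; ?>' > "$d/sponsors.txt"
    echo 'Banner' > "$d/banners.txt"
    chmod 644 "$d/disclaimer.txt" "$d/sponsors.txt"; chmod 666 "$d/banners.txt"
    if audit_tt_includes "$d"; then echo "before: clean"; else echo "before: flagged"; fi
    harden_tt_includes "$d"
    if audit_tt_includes "$d"; then echo "after: clean"; else echo "after: flagged"; fi
    rm -rf "$d"
}
demo
```

Tightening permissions clears the WRITABLE finding only; a file that already contains a PHP open tag stays flagged until its content is reviewed and restored.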