Vulnerability Description
Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Torrenttrader | Torrenttrader | <= 1.06 |
References
- http://secunia.com/advisories/26504 (Patch, Vendor Advisory)
- http://www.osvdb.org/36598
- http://www.osvdb.org/36599
- http://www.osvdb.org/36600
- http://www.securityfocus.com/bid/25369
- http://www.torrenttrader.org/index.php?showtopic=5776
- http://www.torrenttrader.org/index.php?showtopic=6255
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36119
FAQ
What is CVE-2007-4435?
CVE-2007-4435 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.p...
How severe is CVE-2007-4435?
CVE-2007-4435 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4435?
Check the references section above for vendor advisories and patch information. Affected products include: Torrenttrader Torrenttrader.