Test ID:	1.3.6.1.4.1.25623.1.0.800522
Category:	Web application abuses
Title:	TorrentTrader Classic Multiple Vulnerabilities
Summary:	TorrentTrader Classic is prone to multiple vulnerabilities.
Description:	Summary: TorrentTrader Classic is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws due to: improper validation of user-supplied input data to different parameters and Access to the '.php' scripts are not properly restricted. Vulnerability Impact: Successful exploitation will allow attacker to inject and execute arbitrary SQL queries via malicious SQL code, and can gain sensitive information about remote system user credentials and database. Affected Software/OS: TorrentTrader Classic version 1.09 and prior. Solution: Upgrade to TorrentTrader Classic version 2.0.6 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2156 BugTraq ID: 35369 http://www.securityfocus.com/bid/35369 Bugtraq: 20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09 (Google Search) http://www.securityfocus.com/archive/1/504294/100/0/threaded https://www.exploit-db.com/exploits/8958 http://www.waraxe.us/advisory-74.html http://secunia.com/advisories/35456 XForce ISS Database: torrenttrader-multiplescripts-xss(51145) https://exchange.xforce.ibmcloud.com/vulnerabilities/51145 XForce ISS Database: torrenttrader-viewrequests-xss(51144) https://exchange.xforce.ibmcloud.com/vulnerabilities/51144 Common Vulnerability Exposure (CVE) ID: CVE-2009-2157 XForce ISS Database: torrenttrader-accountinbox-sql-injection(51143) https://exchange.xforce.ibmcloud.com/vulnerabilities/51143 XForce ISS Database: torrenttrader-browse-sql-injection(51142) https://exchange.xforce.ibmcloud.com/vulnerabilities/51142 XForce ISS Database: torrenttrader-choice-sql-injection(51179) https://exchange.xforce.ibmcloud.com/vulnerabilities/51179 XForce ISS Database: torrenttrader-delreq-sql-injection(51178) https://exchange.xforce.ibmcloud.com/vulnerabilities/51178 XForce ISS Database: torrenttrader-modrules-sql-injection(51180) https://exchange.xforce.ibmcloud.com/vulnerabilities/51180 XForce ISS Database: torrenttrader-report-sql-injection(51181) https://exchange.xforce.ibmcloud.com/vulnerabilities/51181 Common Vulnerability Exposure (CVE) ID: CVE-2009-2158 XForce ISS Database: torrenttrader-accountrecover-weak-security(51150) https://exchange.xforce.ibmcloud.com/vulnerabilities/51150 Common Vulnerability Exposure (CVE) ID: CVE-2009-2159 XForce ISS Database: torrenttrader-backupdatabase-info-disc(51147) https://exchange.xforce.ibmcloud.com/vulnerabilities/51147 Common Vulnerability Exposure (CVE) ID: CVE-2009-2160 XForce ISS Database: torrenttrader-check-info-disclosure(51148) https://exchange.xforce.ibmcloud.com/vulnerabilities/51148 XForce ISS Database: torrenttrader-phpinfo-info-disclosure(51149) https://exchange.xforce.ibmcloud.com/vulnerabilities/51149 Common Vulnerability Exposure (CVE) ID: CVE-2009-2161 XForce ISS Database: torrenttrader-ssuri-file-include(51146) https://exchange.xforce.ibmcloud.com/vulnerabilities/51146
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.