TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities

Bugtraq ID:	25369
Class:	Input Validation Error
CVE:	CVE-2007-4435
Remote:	Yes
Local:	No
Published:	Aug 20 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed these issues.
Vulnerable:	VBTT vBulletin Torrent Tracker - TT4XBT 1.1 TorrentTrader TorrentTrader Classic Edition 1.06
Not Vulnerable:	VBTT vBulletin Torrent Tracker - TT4XBT 1.2 TorrentTrader TorrentTrader Classic Edition 1.07

TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities

TorrentTrader is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to TorrentTrader 1.07 are vulnerable.

TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser.

TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities

Solution:
The vendor released an update to address these issues. Please see the references for more information.


TorrentTrader TorrentTrader Classic Edition 1.06

• TorrentTrader TorrentTraderClassic_v1.07.zip
  http://downloads.sourceforge.net/torrenttrader/TorrentTraderClassic_v1 .07.zip?modtime=1187345788&big_mirror=0


• VBTT tt107xbt_basic.rar
  http://downloads.sourceforge.net/vbtt/tt107xbt_basic.rar?modtime=11873 39281&big_mirror=0

VBTT vBulletin Torrent Tracker - TT4XBT 1.1

• VBTT tt107xbt_basic.rar
  http://downloads.sourceforge.net/vbtt/tt107xbt_basic.rar?modtime=11873 39281&big_mirror=0

TorrentTrader Multiple Unspecified SQL Injection Vulnerabilities

References:

• Project Home Page (TorrentTrader)