torrenttrader 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、vendor risk cross-site scripting、パス処理の欠陥, and vendor risk csrf があり、vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact data exposure, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2009-2161 | Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name. | [email protected] | 5.1 | 8.33% | 2009-06-22 | 2026-04-23 |
| CVE-2009-2160 | TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obtain other potentially sensitive information via a direct request to check.php. | [email protected] | 5.0 | 9.36% | 2009-06-22 | 2026-04-23 |
| CVE-2009-2159 | backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/. | [email protected] | 6.4 | 6.74% | 2009-06-22 | 2026-04-23 |
| CVE-2009-2157 | Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the | [email protected] | 6.5 | 1.17% | 2009-06-22 | 2026-04-23 |
| CVE-2009-2156 | Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] paramet | [email protected] | 3.5 | 0.88% | 2009-06-22 | 2026-04-23 |
| CVE-2008-6418 | SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. | [email protected] | 7.5 | 0.65% | 2009-03-06 | 2026-04-23 |
| CVE-2008-4494 | SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 0.51% | 2008-10-09 | 2026-04-23 |
| CVE-2008-2428 | Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | [email protected] | 6.8 | 0.66% | 2008-06-18 | 2026-04-23 |
| CVE-2008-1173 | Cross-site scripting (XSS) vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | [email protected] | 4.3 | 0.40% | 2008-03-06 | 2026-04-23 |
| CVE-2008-1172 | Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php in TorrentTrader Classic 1.08 allow remote attackers to perform certain actions as other users, as demonstrated by sending messages. | [email protected] | 4.3 | 0.13% | 2008-03-06 | 2026-04-23 |
| CVE-2007-5312 | Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php. | [email protected] | 4.3 | 10.21% | 2007-10-09 | 2026-04-23 |
| CVE-2007-5311 | Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic Edition 1.07 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter. | [email protected] | 7.5 | 10.16% | 2007-10-09 | 2026-04-23 |
| CVE-2007-4831 | Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters. | [email protected] | 2.6 | 0.35% | 2007-09-12 | 2026-04-23 |
| CVE-2007-4536 | TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files. | [email protected] | 4.6 | 0.06% | 2007-08-25 | 2026-04-23 |
| CVE-2007-4435 | Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php. | [email protected] | 7.5 | 1.35% | 2007-08-20 | 2026-04-23 |