CVE-2008-3784

Sažetak

SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

Reference

http://secunia.com/advisories/31556
http://securityreason.com/securityalert/4186
http://www.btiteam.org/
http://www.btiteam.org/smf/index.php?topic=12068
http://www.securityfocus.com/bid/30811
https://exchange.xforce.ibmcloud.com/vulnerabilities/44627
https://www.exploit-db.com/exploits/6296

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

06-08-2020 - 15:03

Objavljeno

26-08-2008 - 14:41