Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4536

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2007-4536
Last Modified 05 Feb 2009 01:29:19
Published 24 Aug 2007 08:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-4536

Summary

TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files.

Vulnerable Systems

Application

  • Torrenttrader 1.07


References

CONFIRM - http://www.torrenttrader.org/index.php?showtopic=5843

VIM - 20070824 uh-oh: local file inclusion from insecure permissions

OSVDB - 40257

BID - 25536

SECUNIA - 26679


Last Updated: 27 May 2016 10:45:53