CVE-2007-4536

TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/40257
http://secunia.com/advisories/26679
http://www.attrition.org/pipermail/vim/2007-August/001774.html
http://www.securityfocus.com/bid/25536
http://www.torrenttrader.org/index.php?showtopic=5843

Configurations

Configuration 1 (hide)

cpe:2.3:a:torrenttrader:torrenttrader:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-08-25 00:17

Updated : 2024-02-04 17:13

NVD link : CVE-2007-4536

Mitre link : CVE-2007-4536

CVE.ORG link : CVE-2007-4536

JSON object : View

Products Affected

torrenttrader

torrenttrader

CWE

NVD-CWE-Other

{"id": "CVE-2007-4536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-25T00:17:00.000", "references": [{"url": "http://osvdb.org/40257", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26679", "source": "cve@mitre.org"}, {"url": "http://www.attrition.org/pipermail/vim/2007-August/001774.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25536", "source": "cve@mitre.org"}, {"url": "http://www.torrenttrader.org/index.php?showtopic=5843", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying (1) disclaimer.txt, (2) sponsors.txt, and (3) banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend to other files."}, {"lang": "es", "value": "TorrentTrader 1.07 y versiones anteriores asigna permisos no seguros a ficheros en el directorio ra\u00edz, lo cual permite a atacantes ejecutar c\u00f3digo PHP de su elecci\u00f3n al modificar (1) disclaimer.txt, (2) sponsors.txt, y (3) banners.txt, que son usados en una llamada de inclusi\u00f3n.\r\nNOTA: Podr\u00eda haber vectores de ataque locales que se extiendan a otros ficheros."}], "lastModified": "2009-02-05T06:29:19.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:torrenttrader:torrenttrader:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "007AEE79-288B-45CF-A416-3374512B9830", "versionEndIncluding": "1.07"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}