CVE-2009-2159

Metadata

CVE-2009-2159
6.4
securityfocus.com, securityfocus.com, waraxe.us, exchange.xforce.ibmcloud.com, exploit-db.com
2009-06-22
2017-09-29 06:09

Description

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.

Related Vulnerabilities