CVE-2008-3784

Description

SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

Affected products

• btitracker_project / btitracker1.4.7
• xbtitracker_project / xbtitracker2.0.542

References

• EXPLOIThttps://www.exploit-db.com/exploits/6296
• MISChttp://securityreason.com/securityalert/4186
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/44627
• MISChttp://www.btiteam.org/
• VENDOR_ADVISORYhttp://secunia.com/advisories/31556
• MISChttp://www.securityfocus.com/bid/30811
• MISChttp://www.btiteam.org/smf/index.php?topic=12068