← back
CVE-2009-2161

CVE-2009-2161

EPSS 2.4%
Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/8958unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/35456https://exchange.xforce.ibmcloud.com/vulnerabilities/51146https://www.exploit-db.com/exploits/8958http://www.securityfocus.com/archive/1/504294/100/0/threadedhttp://www.securityfocus.com/bid/35369http://www.waraxe.us/advisory-74.html