CVE-2009-2159

Publication date

2009-06-22 19:00:00

Family

mitre

State

PUBLISHED

Description

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/.