Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) account-inbox.php, (2) account-settings.php, and possibly (3) backend/functions.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/36119
http://www.torrenttrader.org/index.php?showtopic=6255
http://www.torrenttrader.org/index.php?showtopic=5776