PT-2006-6942 · Torrentflux · Torrentflux
R0Ut3R
·
Publicado
2006-12-06
·
Atualizado
2017-10-19
·
CVE-2006-6330
CVSS v2.0
6.0
Média
| Vetor | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TorrentFlux version 2.2
Description
The issue allows remote registered users to execute arbitrary commands. This is achieved by injecting shell metacharacters into the
kill parameter in the index.php file.Recommendations
For TorrentFlux version 2.2, consider restricting access to the
kill parameter in the index.php file until a patch is available. As a temporary workaround, restrict the use of shell metacharacters in user input to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Torrentflux