PT-2006-7201 · Torrentflux · Torrentflux
R0Ut3R
·
Publicado
2006-12-15
·
Atualizado
2017-10-19
·
CVE-2006-6599
CVSS v2.0
6.0
Média
| Vetor | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TorrentFlux version 2.2
Description
The issue allows remote authenticated users to execute arbitrary commands. This is achieved by injecting shell metacharacters, such as the semicolon (;), into the
announce parameter in the maketorrent.php file.Recommendations
For TorrentFlux version 2.2, consider restricting access to the maketorrent.php file until a patch is available, and avoid using the
announce parameter with untrusted input to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Torrentflux