CVE-2006-7159

Name of the Vulnerable Software and Affected Versions BTI-Tracker version 1.3.2

Description A directory traversal issue exists, allowing remote attackers to delete arbitrary files. This is achieved by using ".." sequences in the TORRENTSDIR parameter within a prune action.

Recommendations For BTI-Tracker version 1.3.2, as a temporary workaround, consider restricting access to the prune action in include/prune torrents.php to minimize the risk of exploitation. Avoid using the TORRENTSDIR parameter with untrusted input until the issue is resolved.