CVE-2008-6584

Name of the Vulnerable Software and Affected Versions TorrentFlux version 2.3

Description The issue allows remote authenticated users to execute arbitrary code. This is achieved by accessing a URL with a file containing an executable extension in the url upload parameter. The file is downloaded by TorrentFlux and can be accessed via a direct request in the html/downloads/ user directory.

Recommendations For TorrentFlux version 2.3, consider restricting access to the url upload parameter to prevent the upload of files with executable extensions until a patch is available. Additionally, restrict access to the html/downloads/ user directory to minimize the risk of exploitation.