PT-2014-7012 · Torrentflux · Torrentflux
Nicolas Guigo
Published 2014-09-05 · Updated 2020-01-30
CVE-2014-6029
CVSS v2.0: 4.9 (Medium)
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TorrentFlux version 2.4
Description
The issue allows remote authenticated users to delete or modify other users' cookies. This can be achieved by manipulating the cid parameter in an editCookies action sent to the "profile.php" endpoint.
Recommendations
For TorrentFlux version 2.4, consider restricting which cid values a user may act on in the editCookies action, so that cookies can only be modified or deleted by their owner. As a temporary workaround, restrict access to the "profile.php" endpoint until a patch is available.
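As an added illustration (hypothetical PHP, not TorrentFlux's own code), the missing-ownership pattern the description implies, beside a hardened editCookies handler that binds cid to the authenticated user. The `cookies` table, its `id`/`uid`/`name`/`value` columns, the `$pdo` handle and `$currentUid` are assumptions.

```php
<?php
// Hypothetical illustration, not TorrentFlux code. Assumed schema: table
// `cookies` with columns id, uid (owner), name, value. $pdo is a PDO handle,
// $currentUid is the id of the authenticated user. Parameter names follow
// the advisory: action=editCookies with a cid parameter on profile.php.

// Vulnerable pattern: the row is selected by cid alone, so any authenticated
// user can change or delete another user's cookie just by varying cid.
function updateCookieVulnerable(PDO $pdo, int $cid, string $name, string $value): int {
    $stmt = $pdo->prepare('UPDATE cookies SET name = ?, value = ? WHERE id = ?');
    $stmt->execute([$name, $value, $cid]);
    return $stmt->rowCount();
}

// Hardened pattern: ownership is part of the WHERE predicate, so a cid that
// belongs to someone else matches zero rows. A zero rowCount is reported to
// the caller as an authorization failure rather than a silent no-op.
function updateCookieOwned(PDO $pdo, int $currentUid, int $cid, string $name, string $value): bool {
    $stmt = $pdo->prepare('UPDATE cookies SET name = ?, value = ? WHERE id = ? AND uid = ?');
    $stmt->execute([$name, $value, $cid, $currentUid]);
    return $stmt->rowCount() === 1;
}

function deleteCookieOwned(PDO $pdo, int $currentUid, int $cid): bool {
    $stmt = $pdo->prepare('DELETE FROM cookies WHERE id = ? AND uid = ?');
    $stmt->execute([$cid, $currentUid]);
    return $stmt->rowCount() === 1;
}

// editCookies request handling; returns the HTTP status to send.
function handleEditCookies(PDO $pdo, int $currentUid, array $post): int {
    if (($post['action'] ?? '') !== 'editCookies') {
        return 404;
    }
    // Reject anything that is not a plain integer id before it reaches SQL.
    $cid = filter_var($post['cid'] ?? '', FILTER_VALIDATE_INT);
    if ($cid === false) {
        return 400;
    }
    $ok = isset($post['delete'])
        ? deleteCookieOwned($pdo, $currentUid, $cid)
        : updateCookieOwned($pdo, $currentUid, $cid,
                            (string)($post['name'] ?? ''), (string)($post['value'] ?? ''));
    if (!$ok) {
        // Detection signal: a user acting on a cid they do not own is exactly
        // the behaviour this advisory describes, so log it rather than drop it.
        error_log("editCookies: uid=$currentUid acted on cid=$cid not owned by them");
        return 403;
    }
    return 200;
}
```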
Affected products
Torrentflux