PT-2004-2160 · Blog Torrent · Blog Torrent

Steve Kemp

Published

2004-12-15

Updated

2017-07-11

CVE-2004-1212

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Blog Torrent preview version 0.8

Description: A directory traversal issue exists, allowing remote attackers to download arbitrary files by including a .. (dot dot) in the file argument.

Recommendations: For Blog Torrent preview version 0.8, consider restricting access to the btdownload.php file until a patch is available. As a temporary workaround, avoid using the file argument with untrusted input in the btdownload.php file.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1212

Affected Products

Blog Torrent

PT-2004-2160 · Blog Torrent · Blog Torrent

CVE-2004-1212

Related Identifiers

Affected Products

References · 6