PT-2006-6942 · Torrentflux · Torrentflux
R0Ut3R
·
Published
2006-12-06
·
Updated
2017-10-19
·
CVE-2006-6330
CVSS v2.0
6.0
Medium
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TorrentFlux version 2.2
Description
The issue allows remote registered users to execute arbitrary commands. This is achieved by injecting shell metacharacters into the
kill parameter in the index.php file.Recommendations
For TorrentFlux version 2.2, consider restricting access to the
kill parameter in the index.php file until a patch is available. As a temporary workaround, restrict the use of shell metacharacters in user input to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Torrentflux