CVE-2006-6331

Name of the Vulnerable Software and Affected Versions TorrentFlux version 2.2

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the torrent parameter to API endpoints such as "details.php" and "startpop.php", when the $cfg["enable file priority"] is set to false.

Recommendations For TorrentFlux version 2.2, consider setting $cfg["enable file priority"] to true as a temporary workaround to mitigate the risk of exploitation. Restrict access to the "details.php" and "startpop.php" API endpoints to minimize the risk of exploitation. Avoid using shell metacharacters in the torrent parameter until the issue is resolved.