CVE-2008-6586

Name of the Vulnerable Software and Affected Versions uTorrent WebUI version 0.315

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests, forcing the download of arbitrary torrent files via the "add-url" action. Additionally, attackers can hijack administrator authentication for requests that modify the administrator account via the "setsetting" action.

Recommendations For version 0.315, as a temporary workaround, consider restricting access to the gui/index.php file until a patch is available. Avoid using the add-url action and setsetting action in the affected API endpoint until the issue is resolved.