TorrentFlux Maketorrent.PHP Remote Command Execution Vulnerability
BID:21526
Info
TorrentFlux Maketorrent.PHP Remote Command Execution Vulnerability
| Bugtraq ID: | 21526 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6599 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 09 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | r0ut3r is credited with discovering this vulnerability. |
| Vulnerable: |
TorrentFlux TorrentFlux 2.2 |
| Not Vulnerable: | |
Discussion
TorrentFlux Maketorrent.PHP Remote Command Execution Vulnerability
TorrentFlux is prone to a remote command-execution vulnerability.
Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process.
TorrentFlux version 2.2 is vulnerable to this issue.
TorrentFlux is prone to a remote command-execution vulnerability.
Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process.
TorrentFlux version 2.2 is vulnerable to this issue.
Exploit / POC
TorrentFlux Maketorrent.PHP Remote Command Execution Vulnerability
Attackers can exploit this issue via a web client.
The following exploit code is available:
Attackers can exploit this issue via a web client.
The following exploit code is available:
Solution / Fix
TorrentFlux Maketorrent.PHP Remote Command Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
TorrentFlux Maketorrent.PHP Remote Command Execution Vulnerability
References:
References:
- TorrentFlux Homepage (TorrentFlux)