Torrentflux: >> Torrentflux >> 2.2 Security Vulnerabilities
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.
CVSS Score
6.0
EPSS Score
0.028
Published
2006-12-15
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
CVSS Score
6.5
EPSS Score
0.024
Published
2006-12-15
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
CVSS Score
4.9
EPSS Score
0.026
Published
2006-12-06
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
CVSS Score
4.9
EPSS Score
0.031
Published
2006-12-06
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
CVSS Score
6.0
EPSS Score
0.036
Published
2006-12-06
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.
CVSS Score
6.0
EPSS Score
0.005
Published
2006-12-06