Search criteria
3 vulnerabilities by torrentpier
CVE-2025-64519 (GCVE-0-2025-64519)
Vulnerability from cvelistv5 – Published: 2025-11-10 22:17 – Updated: 2025-11-12 20:13
VLAI?
Title
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter
Summary
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| torrentpier | torrentpier |
Affected:
<= 2.8.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64519",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:34:08.956737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:13:03.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "torrentpier",
"vendor": "torrentpier",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.8.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T22:17:31.083Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6"
},
{
"name": "https://github.com/torrentpier/torrentpier/commit/6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torrentpier/torrentpier/commit/6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80"
}
],
"source": {
"advisory": "GHSA-4rwr-8c3m-55f6",
"discovery": "UNKNOWN"
},
"title": "TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel\u0027s topic_id parameter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64519",
"datePublished": "2025-11-10T22:17:31.083Z",
"dateReserved": "2025-11-05T21:15:39.400Z",
"dateUpdated": "2025-11-12T20:13:03.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40624 (GCVE-0-2024-40624)
Vulnerability from cvelistv5 – Published: 2024-07-15 19:28 – Updated: 2024-08-02 04:33
VLAI?
Title
Deserialization of untrusted data in torrentpier/torrentpier
Summary
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to an arbitrary file, and execute commands on the system. For instance, the cookie bb_t will be deserialized when browsing to viewforum.php. This issue has been addressed in commit `ed37e6e52` which is expected to be included in release version 2.4.4. Users are advised to upgrade as soon as the new release is available. There are no known workarounds for this vulnerability.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| torrentpier | torrentpier |
Affected:
< 2.4.4
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:torrentpier:torrentpier:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "torrentpier",
"vendor": "torrentpier",
"versions": [
{
"lessThan": "2.4.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40624",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T20:17:52.971854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:37:32.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-fg86-4c2r-7wxw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-fg86-4c2r-7wxw"
},
{
"name": "https://github.com/torrentpier/torrentpier/commit/ed37e6e522f345f2b46147c6f53c1ab6dec1db9e",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torrentpier/torrentpier/commit/ed37e6e522f345f2b46147c6f53c1ab6dec1db9e"
},
{
"name": "https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "torrentpier",
"vendor": "torrentpier",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to an arbitrary file, and execute commands on the system. For instance, the cookie bb_t will be deserialized when browsing to viewforum.php. This issue has been addressed in commit `ed37e6e52` which is expected to be included in release version 2.4.4. Users are advised to upgrade as soon as the new release is available. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T19:28:35.905Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-fg86-4c2r-7wxw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-fg86-4c2r-7wxw"
},
{
"name": "https://github.com/torrentpier/torrentpier/commit/ed37e6e522f345f2b46147c6f53c1ab6dec1db9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torrentpier/torrentpier/commit/ed37e6e522f345f2b46147c6f53c1ab6dec1db9e"
},
{
"name": "https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60"
}
],
"source": {
"advisory": "GHSA-fg86-4c2r-7wxw",
"discovery": "UNKNOWN"
},
"title": "Deserialization of untrusted data in torrentpier/torrentpier"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-40624",
"datePublished": "2024-07-15T19:28:35.905Z",
"dateReserved": "2024-07-08T16:13:15.509Z",
"dateUpdated": "2024-08-02T04:33:11.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1651 (GCVE-0-2024-1651)
Vulnerability from cvelistv5 – Published: 2024-02-19 23:49 – Updated: 2024-08-27 18:42
VLAI?
Title
Torrentpier 2.4.1 - RCE
Summary
Torrentpier version 2.4.1 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to insecure deserialization.
Severity ?
10 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Torrentpier | Torrentpier |
Affected:
2.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:20.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/torrentpier/torrentpier"
},
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/xavi/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:torrentpier:torrentpier:2.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "torrentpier",
"vendor": "torrentpier",
"versions": [
{
"status": "affected",
"version": "2.4.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1651",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T17:48:28.423680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T18:42:28.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Torrentpier",
"vendor": "Torrentpier",
"versions": [
{
"status": "affected",
"version": "2.4.1"
}
]
}
],
"datePublic": "2024-02-19T23:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTorrentpier version 2.4.1 allows executing arbitrary commands on the server.\u003c/div\u003e\u003cdiv\u003eThis is possible because the application is vulnerable to insecure deserialization.\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Torrentpier version 2.4.1 allows executing arbitrary commands on the server.\n\nThis is possible because the application is vulnerable to insecure deserialization.\n\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-19T23:49:28.471Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://github.com/torrentpier/torrentpier"
},
{
"url": "https://fluidattacks.com/advisories/xavi/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Torrentpier 2.4.1 - RCE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2024-1651",
"datePublished": "2024-02-19T23:49:28.471Z",
"dateReserved": "2024-02-19T23:43:14.777Z",
"dateUpdated": "2024-08-27T18:42:28.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}