FKIE_CVE-2025-64519

Vulnerability from fkie_nvd - Published: 2025-11-10 23:15 - Updated: 2025-11-12 21:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.
References
security-advisories@github.comhttps://github.com/torrentpier/torrentpier/commit/6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80
security-advisories@github.comhttps://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80."
    },
    {
      "lang": "es",
      "value": "TorrentPier es un motor de tracker BitTorrent P\u00fablico/Privado de c\u00f3digo abierto, escrito en PHP.  En versiones hasta la 2.8.8 inclusive, existe una vulnerabilidad de inyecci\u00f3n SQL autenticada en el panel de control del moderador (\u0027modcp.php\u0027). Los usuarios con permisos de moderador pueden explotar esta vulnerabilidad suministrando un par\u00e1metro \u0027topic_id\u0027 (\u0027t\u0027) malicioso. Esto permite a un moderador autenticado ejecutar consultas SQL arbitrarias, lo que lleva a la posible divulgaci\u00f3n, modificaci\u00f3n o eliminaci\u00f3n de cualquier dato en la base de datos. Aunque requiere privilegios de moderador, sigue siendo grave. Una cuenta de moderador maliciosa o comprometida puede aprovechar esta vulnerabilidad para leer, modificar o eliminar datos. Un parche est\u00e1 disponible en el commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80."
    }
  ],
  "id": "CVE-2025-64519",
  "lastModified": "2025-11-12T21:15:54.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-10T23:15:41.833",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/torrentpier/torrentpier/commit/6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.