Lucene search

[email protected]CVE-2006-6331

HistoryDec 06, 2006 - 9:28 p.m.

CVE-2006-6331

2006-12-0621:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6331

torrentflux

remote execution

shell metacharacters

command injection

7.9 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

metaInfo.php in TorrentFlux 2.2, when $cfg[“enable_file_priority”] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.

CPENameOperatorVersion
torrentflux:torrentfluxtorrentfluxeq2.2

CPE	Name	Operator	Version
torrentflux:torrentflux	torrentflux	eq	2.2

References

bugs.debian.org/cgi-bin/bugreport.cgi/11_missed_security_fixes.dpatch?bug=400582%3Bmsg=71%3Batt=1

bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23400582

secunia.com/advisories/23270

7.9 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2006-6331

cvelist1 ubuntucve1