Code injection

2014-09-0514:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.9%

JSON

TorrentFlux 2.4 allows remote authenticated users to delete or modify other users’ cookies via the cid parameter in an editCookies action to profile.php.

CPENameOperatorVersion
torrentfluxeq2.4

CPE	Name	Operator	Version
	torrentflux	eq	2.4

References

www.openwall.com/lists/oss-security/2014/08/29/5

www.openwall.com/lists/oss-security/2014/09/02/3

www.securitytracker.com/id/1030791

bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573