
35 matches found

Snyk
added 2026/05/11 5:53 p.m. | 4 views

Deserialization of Untrusted Data

Overview: torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserialization process. An attacker can execute arbitrary code or read files by supplying crafted serialized data. Detai...

CVSS 9.8 | AI score 6.1
Exploits: 0 | References: 2

OSV
added 2026/05/11 5:53 p.m. | 1 view

GHSA-H29G-C9CX-C73Q torrentpier has PHP Serialize Injections

Summary: Hi, there. We've found PHP Serialize Injections in your project "torrentpier". According to the OWASP, it can pose a significant risk: enable an attacker to modify serialized objects in order to inject malicious data into the application code, resulting in code execution or an arbitrary...

AI score 6.3
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/05/11 5:53 p.m. | 5 views

torrentpier has PHP Serialize Injections

Summary: Hi, there. We've found PHP Serialize Injections in your project "torrentpier". According to the OWASP, it can pose a significant risk: enable an attacker to modify serialized objects in order to inject malicious data into the application code, resulting in code execution or an arbitrary...

AI score 6.3
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2025/12/13 5:41 a.m. | 3 views

Authenticated SQL Injection

torrentpier/torrentpier is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicid parameter in modcp.php, which allows an authenticated moderator to inject malicious SQL queries and exploit the database...

CVSS 8.8 | AI score 5.9 | EPSS 0.00042
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/11/11 10:44 p.m. | 1 view

CVE-2025-64519

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS 8.8 | AI score 7.7 | EPSS 0.00042
Exploits: 1 | References: 1

NVD
added 2025/11/10 11:15 p.m. | 1 view

CVE-2025-64519

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS 8.8 | EPSS 0.00042
Exploits: 1 | References: 2

Snyk
added 2025/11/10 10:43 p.m. | 1 view

SQL Injection

Overview: torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to SQL Injection via the validatemodecondition function in the modcp.php file when handling the topicid parameter. An attacker can execute arbitrary SQL queries by...

CVSS 8.8 | AI score 7.8 | EPSS 0.00042
Exploits: 1 | References: 2

Cvelist
added 2025/11/10 10:17 p.m. | 5 views

CVE-2025-64519 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS 8.8 | EPSS 0.00042
Exploits: 1 | References: 2

CVE
added 2025/11/10 10:17 p.m. | 5 views

CVE-2025-64519

TorrentPier (PHP) up to version 2.8.8 is affected by an authenticated SQL injection in the moderator control panel (modcp.php) via the topic_id parameter. The root cause is unsafely embedding the $topic_id input into an SQL query, enabling an authenticated moderator to execute arbitrary SQL with ...

CVSS 8.8 | AI score 7.6 | EPSS 0.00042
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/11/10 10:17 p.m. | 1 view

CVE-2025-64519 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS 8.8 | AI score 7.6 | EPSS 0.00042
Exploits: 1 | References: 4

Vulnrichment
added 2025/11/10 10:17 p.m. | 1 view

CVE-2025-64519 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS 8.8 | AI score 7.3 | EPSS 0.00042
Exploits: 1 | References: 2

OSV
added 2025/11/10 9:30 p.m. | 1 view

GHSA-4RWR-8C3M-55F6 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

Summary: An authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying a malicious topicid t parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to t...

CVSS 8.8 | AI score 6.1 | EPSS 0.00042
Exploits: 1 | References: 4

EUVD
added 2025/11/10 9:30 p.m. | 1 view

EUVD-2025-50812

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topicid parameter...

CVSS 8.8 | AI score 7.4 | EPSS 0.00042
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/10 12:0 a.m. | 1 view

PT-2025-46214

Name of the Vulnerable Software and Affected Versions: TorrentPier versions up to and including 2.8.8. Description: TorrentPier, a BitTorrent Public/Private tracker engine, contains an authenticated SQL injection flaw in the moderator control panel, specifically within the modcp.php file. A user wit...

CVSS 8.8 | AI score 7.4 | EPSS 0.00042
Exploits: 1 | References: 14

CNNVD
added 2025/11/10 12:0 a.m. | 1 view

Torrentpier TorrentPier SQL Injection Vulnerability

Torrentpier TorrentPier is a bull-driven BitTorrent public/private tracker engine from Torrentpier Inc. A SQL injection vulnerability exists in Torrentpier TorrentPier 2.8.8 and earlier versions, which stems from improper handling of the topicid parameter in modcp.php, which could lead to a SQL...

CVSS 8.8 | AI score 7.5 | EPSS 0.00042
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-2336

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.00191
Exploits: 0 | References: 5

RedhatCVE
added 2025/02/04 11:37 p.m. | 3 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | AI score 9.7 | EPSS 0.00191
Exploits: 0

NVD
added 2024/07/15 8:15 p.m. | 14 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | EPSS 0.00191
Exploits: 0 | References: 3

Vulnrichment
added 2024/07/15 7:28 p.m. | 11 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, gettracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS 9.8 | AI score 7.6 | EPSS 0.00191
Exploits: 0 | References: 3

CVE
added 2024/07/15 7:28 p.m. | 61 views

CVE-2024-40624

TorrentPier vulnerability CVE-2024-40624 affects the PHP-based torrent tracker where get_tracks() deserializes user-controlled cookies using PHP’s native serialization. The root cause is unsafe deserialization of cookies, enabling an attacker to craft a cookie (e.g., bb_t) that, when visiting pag...

CVSS 9.8 | AI score 9.8 | EPSS 0.00191
Exploits: 0 | References: 3