2 matches found
CVE-2014-6028
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php...
CVE-2014-6028
TorrentFlux 2.4 is affected by an auth-context leakage where the cid parameter in the editCookies action to profile.php can be exploited by remote authenticated users to obtain other users’ cookies. Affected component: profile.php (editCookies action) in TorrentFlux 2.4. Root cause: insecure hand...