3 matches found
CVE-2019-13640
In qBittorrent before 4.1.7, the function Application::runExternalProgram located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed...
qBittorrent Command Injection Vulnerability
qBittorrent is a cross-platform lightweight BitTorrent client. A command injection vulnerability exists in the 'Application::runExternalProgram' function of the app/application.cpp file in qBittorren versions prior to 4.1.7. The vulnerability stems from a network system or product not properly...
PT-2019-5248 · Bittorrent +2 · Qbittorrent +2
Name of the Vulnerable Software and Affected Versions: qBittorrent versions prior to 4.1.7 Description: The issue is related to the function Application::runExternalProgram located in app/application.cpp, which allows command injection via shell metacharacters in the torrent name parameter or...