25 matches found

OSV
added 2026/05/11 5:53 p.m., 1 view

GHSA-H29G-C9CX-C73Q torrentpier has PHP Serialize Injections

Summary: Hi, there. We've found PHP Serialize Injections in your project "torrentpier". According to the OWASP, it can pose a significant risk: enable an attacker to modify serialized objects in order to inject malicious data into the application code, resulting in code execution or an arbitrary...

AI score: 6.3
Exploits: 0, References: 2
Snyk
added 2026/05/11 5:53 p.m., 4 views

Deserialization of Untrusted Data

Overview: torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserialization process. An attacker can execute arbitrary code or read files by supplying crafted serialized data. Detai...

CVSS: 9.8, AI score: 6.1
Exploits: 0, References: 2
Github Security Blog
added 2026/05/11 5:53 p.m., 5 views

torrentpier has PHP Serialize Injections

Summary: Hi, there. We've found PHP Serialize Injections in your project "torrentpier". According to the OWASP, it can pose a significant risk: enable an attacker to modify serialized objects in order to inject malicious data into the application code, resulting in code execution or an arbitrary...

AI score: 6.3
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2025/11/10 11:15 p.m., 1 view

CVE-2025-64519

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS: 8.8, EPSS: 0.00047
Exploits: 1, References: 2
Snyk
added 2025/11/10 10:43 p.m., 1 view

SQL Injection

Overview: torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to SQL Injection via the validatemodecondition function in the modcp.php file when handling the topic_id parameter. An attacker can execute arbitrary SQL queries by...

CVSS: 8.8, AI score: 7.8, EPSS: 0.00047
Exploits: 1, References: 2
OSV
added 2025/11/10 10:17 p.m., 3 views

CVE-2025-64519 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS: 8.8, AI score: 7.6, EPSS: 0.00047
Exploits: 1, References: 4
Vulnrichment
added 2025/11/10 10:17 p.m., 1 view

CVE-2025-64519 TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel modcp.php. Users with moderator permissions can exploit this vulnerability by supplying...

CVSS: 8.8, AI score: 7.3, EPSS: 0.00047
Exploits: 1, References: 2
EUVD
added 2025/11/10 9:30 p.m., 2 views

EUVD-2025-50812

TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00047
Exploits: 1, References: 3
CNNVD
added 2025/11/10 12:0 a.m., 1 view

Torrentpier TorrentPier SQL Injection Vulnerability

Torrentpier TorrentPier is a bull-driven BitTorrent public/private tracker engine from Torrentpier Inc. A SQL injection vulnerability exists in Torrentpier TorrentPier 2.8.8 and earlier versions, which stems from improper handling of the topic_id parameter in modcp.php, which could lead to a SQL...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00047
Exploits: 1, References: 3
Positive Technologies
added 2025/11/10 12:0 a.m., 3 views

PT-2025-46214

Name of the Vulnerable Software and Affected Versions: TorrentPier versions up to and including 2.8.8. Description: TorrentPier, a BitTorrent Public/Private tracker engine, contains an authenticated SQL injection flaw in the moderator control panel, specifically within the modcp.php file. A user wit...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00047
Exploits: 1, References: 14
NVD
added 2024/07/15 8:15 p.m., 14 views

CVE-2024-40624

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS: 9.8, EPSS: 0.00191
Exploits: 0, References: 3
CVE
added 2024/07/15 7:28 p.m., 66 views

CVE-2024-40624

TorrentPier vulnerability CVE-2024-40624 affects the PHP-based torrent tracker where get_tracks() deserializes user-controlled cookies using PHP’s native serialization. The root cause is unsafe deserialization of cookies, enabling an attacker to craft a cookie (e.g., bb_t) that, when visiting pag...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00191
Exploits: 0, References: 3
Cvelist
added 2024/07/15 7:28 p.m., 17 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS: 9.8, EPSS: 0.00191
Exploits: 0, References: 3
Vulnrichment
added 2024/07/15 7:28 p.m., 12 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00191
Exploits: 0, References: 3
OSV
added 2024/07/15 7:28 p.m., 18 views

CVE-2024-40624 Deserialization of untrusted data in torrentpier/torrentpier

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00191
Exploits: 0, References: 5
Github Security Blog
added 2024/07/15 5:48 p.m., 20 views

TorrentPier Deserialization of Untrusted Data vulnerability

Summary: In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.phpL41-L60 PoC: One can use...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00191
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2024/07/15 5:48 p.m., 9 views

GHSA-FG86-4C2R-7WXW TorrentPier Deserialization of Untrusted Data vulnerability

Summary: In torrentpier/library/includes/functions.php, get_tracks uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.phpL41-L60 PoC: One can use...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00191
Exploits: 0, References: 5
Veracode
added 2024/02/20 6:25 a.m., 26 views

Insecure Deserialization

Torrentpier is vulnerable to Insecure Deserialization. The vulnerability is due to a lack of proper validation during deserialization. This allows an attacker to execute arbitrary commands on the server...

CVSS: 10, AI score: 7.6, EPSS: 0.80592
Exploits: 3, References: 3, Affected Software: 1
OSV
added 2024/02/20 12:30 a.m., 35 views

GHSA-5RWM-2XW8-HH9P Deserialization of Untrusted Data in Torrentpier

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization...

CVSS: 10, AI score: 9.5, EPSS: 0.80592
Exploits: 3, References: 3
Github Security Blog
added 2024/02/20 12:30 a.m., 19 views

Deserialization of Untrusted Data in Torrentpier

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization...

CVSS: 10, AI score: 9.5, EPSS: 0.80592
Exploits: 3, References: 4, Affected Software: 1