Torrentpier vulnerabilities
3 known vulnerabilities affecting torrentpier/torrentpier.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2024-1651 | P2 | CRITICAL | CVSS 9.8 | v2.4.1 | 2024-02-20 | CWE-502
Torrentpier version 2.4.1 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to insecure deserialization.
Sources: GHSA, NVD, OSV
CVE-2024-40624 | P3 | CRITICAL | CVSS 9.8 | fixed in 2.4.4 | 2024-07-15 | CWE-502
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in PHP. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to an arbitrary file, and execute commands on t
Sources: GHSA, NVD, OSV
CVE-2025-64519 | P3 | HIGH | CVSS 8.8 | ≤ 2.8.8 | 2025-11-10 | CWE-89
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in PHP. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows a
Sources: GHSA, NVD, OSV