Torrentflux: >> Torrentflux >> 2.3 Security Vulnerabilities
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory.
CVSS Score
6.0
EPSS Score
0.02
Published
2009-04-03
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
CVSS Score
6.8
EPSS Score
0.012
Published
2009-04-03