CVE-2024-40624

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-40624
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40624.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-40624
Aliases
Published
2024-07-15T20:15:04Z
Modified
2024-10-08T04:19:50.375433Z
Summary
[none]
Details

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In torrentpier/library/includes/functions.php, get_tracks() uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/FW1 to write PHP code to an arbitrary file, and execute commands on the system. For instance, the cookie bb_t will be deserialized when browsing to viewforum.php. This issue has been addressed in commit ed37e6e52 which is expected to be included in release version 2.4.4. Users are advised to upgrade as soon as the new release is available. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/torrentpier/torrentpier

Affected ranges

Type
GIT
Repo
https://github.com/torrentpier/torrentpier
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.3.0.4-beta
2.3.0.4-beta2

v2.*

v2.0.0
v2.0.261
v2.0.300
v2.0.400
v2.0.456
v2.0.463
v2.0.477
v2.0.491
v2.0.500
v2.0.506
v2.0.552
v2.0.556
v2.0.560
v2.0.564
v2.0.572
v2.0.581
v2.0.583
v2.0.584
v2.0.585
v2.0.586
v2.0.587
v2.0.588
v2.0.589
v2.0.590
v2.0.591
v2.0.592
v2.0.593
v2.0.593b
v2.0.594
v2.0.594b
v2.0.595
v2.0.596
v2.0.597
v2.0.598
v2.0.599
v2.0.599b
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.0.1
v2.3.0.2
v2.3.0.3
v2.3.1
v2.3.1-rc1
v2.4.0
v2.4.0-alpha1
v2.4.0-alpha2
v2.4.0-alpha3
v2.4.0-alpha4
v2.4.0-beta1
v2.4.0-beta2
v2.4.0-beta3
v2.4.0-beta4
v2.4.0-rc1
v2.4.0-rc2
v2.4.1
v2.4.2
v2.4.3