header-logo
Suggest Exploit
vendor:
TorrentFlux
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: TorrentFlux
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: N/A
CPE: a:torrentflux:torrentflux
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

TorrentFlux Directory Traversal Vulnerability

TorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

Mitigation:

Input validation should be used to prevent directory traversal attacks. Sanitize user-supplied input to prevent attackers from exploiting this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20771/info

TorrentFlux is prone to a directory-traversal vulnerability because the application fails to properly sanitize user-supplied input. 

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid attackers in further attacks.

TorrentFlux 2.1 is reported vulnerable; other versions may be affected as well.

http://www.example.com/torrentfluxroot/dir.php?dir=\.\./\.\./\.\./etc/