metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote malicious users to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
torrentflux torrentflux 2.2 |