Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote malicious users to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bti-tracker bti-tracker 1.3.2 |
||
btitracker btitracker 1.3.2 |