details.php in BtiTracker prior to 1.4.5, when torrent viewing is disabled for guests, allows remote malicious users to bypass protection mechanisms via a direct request, as demonstrated by (1) reading the details of an arbitrary torrent and (2) modifying a torrent owned by a guest.
Vulnerable Product |
---|
bti-tracker bti-tracker |