CSRF exists in the web UI in Deluge prior to 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
deluge-torrent deluge |
||
debian debian linux 8.0 |