KTorrent PHP Code Injection And Security Bypass Vulnerability Network Vulnerability

Summary

This host has KTorrent installed and is prone to Security Bypass vulnerability.

Impact

Successful exploitation could allow remote attackers to execute arbitrary PHP code and also bypass security restriction when affected web interface plugin is enabled. Impact Level: System

Solution

Upgade to 3.1.4 or higher version http://ktorrent.org/

Insight

The flaws are due to - sending improperly sanitised request into PHP interpreter. This can be exploited by injecting PHP code. - web interface plugin does not properly restrict access to the torrent upload functionality via HTTP POST request.

Affected

KTorrent version prior to 3.1.4 on Linux.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504178
http://secunia.com/advisories/32442
https://bugs.gentoo.org/show_bug.cgi?id=244741

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5905, CVE-2008-5906

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Continuum Cross Site Scripting Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14
Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Apache OFBiz Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities