CVE-2024-1651

Description

Torrentpier version 2.4.1 allows executing arbitrary commands on the server.

This is possible because the application is vulnerable to insecure deserialization.

Fluid Attacks

Severity: CRITICAL
CVE ID: CVE-2024-1651
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

sharpicx

Torrentpier v2.4.1. CVE-2024-1651. Remote Code Execution (RCE). Exploit.

Refrence: GitHub

hy011121

(Mirorring)

Refrence: GitHub

Whiteh4tWolf

Refrence: GitHub