CVE-2024-1651

Torrentpier 2.4.1 - RCE

CVSS 10 CRITICALEPSS 34.0%CWE-502

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Torrentpier · Torrentpier

public PoCs found — 4

githubgithub.com/sharpicx/CVE-2024-1651-PoC★ 15 githubgithub.com/hy011121/CVE-2024-1651-exploit-RCE★ 3 githubgithub.com/Whiteh4tWolf/CVE-2024-1651-PoC★ 0 githubgithub.com/killukeren/cve-2024-1651★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/xavi/https://github.com/torrentpier/torrentpier