Vulnerability Description
Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action.
CVSS Score
6.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bti-Tracker | Bti-Tracker | 1.3.2 |
| Btitracker | Btitracker | 1.3.2 |
References
- http://secunia.com/advisories/22322 (Patch, Vendor Advisory)
- http://securityreason.com/securityalert/2377
- http://www.securityfocus.com/archive/1/447928/100/0/threaded
- http://www.securityfocus.com/bid/20422
FAQ
What is CVE-2006-7159?
CVE-2006-7159 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter ...
How severe is CVE-2006-7159?
CVE-2006-7159 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7159?
Check the references section above for vendor advisories and patch information. Affected products include: Bti-Tracker Bti-Tracker, Btitracker Btitracker.