CVE-2024-1651

Torrentpier 2.4.1 - RCE

CVSS 10 CRITICALEPSS 34.0%CWE-502

Vexday Risk Score

60Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 10EPSS 34.0%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

19 Feb 2024Published on NVD

23 Feb 2024Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products

Torrentpier · Torrentpier

public PoCs found — 4

githubgithub.com/sharpicx/CVE-2024-1651-PoC★ 15 githubgithub.com/hy011121/CVE-2024-1651-exploit-RCE★ 3 githubgithub.com/Whiteh4tWolf/CVE-2024-1651-PoC★ 0 githubgithub.com/killukeren/cve-2024-1651★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fluidattacks.com/advisories/xavi/https://github.com/torrentpier/torrentpier