TorrentPier Deserialization of Untrusted Data vulnerability
In torrentpier/library/includes/functions.php, get_tracks() uses the unsafe native PHP serialization format to deserialize user-controlled cookies:
In torrentpier/library/includes/functions.php, get_tracks() uses the unsafe native PHP serialization format to deserialize user-controlled cookies:
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.