Packagist (Composer) package
torrentpier/torrentpier
pkg:composer/torrentpier/torrentpier
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-64519 | — | < 2.8.9 | 2.8.9 | Nov 10, 2025 | TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulne | ||
| CVE-2024-40624 | Cri | 9.8 | < 2.4.4 | 2.4.4 | Jul 15, 2024 | TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/ | |
| CVE-2024-1651 | — | <= 2.4.1 | — | Feb 19, 2024 | Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. |
- CVE-2025-64519Nov 10, 2025affected < 2.8.9fixed 2.8.9
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulne
- affected < 2.4.4fixed 2.4.4
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/
- CVE-2024-1651Feb 19, 2024affected <= 2.4.1
Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.