VYPR

Packagist (Composer) package

torrentpier/torrentpier

pkg:composer/torrentpier/torrentpier

Vulnerabilities (3)

  • CVE-2025-64519Nov 10, 2025
    affected < 2.8.9fixed 2.8.9

    TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulne

  • CVE-2024-40624CriJul 15, 2024
    affected < 2.4.4fixed 2.4.4

    TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies. One can use phpggc and the chain Guzzle/

  • CVE-2024-1651Feb 19, 2024
    affected <= 2.4.1

    Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.