CVE-2014-6028
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0027 (0.3%)
Percentil: 49.9%
EPSS: 2026-05-06
Afecta
torrentflux_project:torrentfluxDescripción técnica
TorrentFlux 2.4 allows remote authenticated users to obtain other users' cookies via the cid parameter in an editCookies action to profile.php.
Publicada: 5/9/2014, 14:55:04
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://www.openwall.com/lists/oss-security/2014/08/29/5
- http://www.openwall.com/lists/oss-security/2014/09/02/3
- http://www.securitytracker.com/id/1030791
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573
- http://www.openwall.com/lists/oss-security/2014/08/29/5
- http://www.openwall.com/lists/oss-security/2014/09/02/3
- http://www.securitytracker.com/id/1030791
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759573