Vulnerabilities > Btitracker
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-07 | CVE-2006-7159 | Directory traversal vulnerability in include/prune_torrents.php in BTI-Tracker 1.3.2 (aka btitracker) allows remote attackers to delete arbitrary files via ".." sequences in the TORRENTSDIR parameter in a prune action. | 6.4 |
2007-02-07 | CVE-2006-6972 | SQL-Injection vulnerability in Btitracker SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) by and (2) order parameters. | 7.5 |