CVE-2025-64519

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-64519
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-64519.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-64519
Aliases
Published
2025-11-10T22:17:31Z
Modified
2025-11-13T02:50:04.588539Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter
Details

TorrentPier is an open source BitTorrent public/private tracker engine written in PHP. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (modcp.php). A user with moderator permissions can exploit it by supplying a malicious topic_id (t) parameter, which allows execution of arbitrary SQL queries and can lead to disclosure, modification, or deletion of any data in the database. Although exploitation requires moderator privileges, the issue is still severe: a malicious or compromised moderator account can use it to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.

Database specific
{
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Git / github.com/torrentpier/torrentpier

Affected ranges

Type
GIT
Repo
https://github.com/torrentpier/torrentpier
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.3.0.4-beta
2.3.0.4-beta2

v2.*

v2.0.0
v2.0.261
v2.0.300
v2.0.400
v2.0.456
v2.0.463
v2.0.477
v2.0.491
v2.0.500
v2.0.506
v2.0.552
v2.0.556
v2.0.560
v2.0.564
v2.0.572
v2.0.581
v2.0.583
v2.0.584
v2.0.585
v2.0.586
v2.0.587
v2.0.588
v2.0.589
v2.0.590
v2.0.591
v2.0.592
v2.0.593
v2.0.593b
v2.0.594
v2.0.594b
v2.0.595
v2.0.596
v2.0.597
v2.0.598
v2.0.599
v2.0.599b
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.3.0
v2.3.0.1
v2.3.0.2
v2.3.0.3
v2.3.1
v2.3.1-rc1
v2.4.0
v2.4.0-alpha1
v2.4.0-alpha2
v2.4.0-alpha3
v2.4.0-alpha4
v2.4.0-beta1
v2.4.0-beta2
v2.4.0-beta3
v2.4.0-beta4
v2.4.0-rc1
v2.4.0-rc2
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.5-rc.1
v2.4.5-rc.2
v2.4.5-rc.3
v2.4.5-rc.4
v2.4.5-rc.5
v2.4.6-alpha.1
v2.4.6-alpha.2
v2.4.6-alpha.3
v2.4.6-alpha.4
v2.5.0
v2.6.0
v2.7.0
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.4.1
v2.8.5
v2.8.6
v2.8.7
v2.8.8