Improper input validation in Torrentflux_project Torrentflux
CVE-2014-6029
TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.017 (74.3th percentile) — read the EPSS interpretation.
Affected products
- Torrentflux_project Torrentflux — versions 2.4
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (mailing-list, x_refsource_MLIST)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (mailing-list, x_refsource_MLIST)