Improper input validation in Torrentflux_project Torrentflux

CVE-2014-6029

TorrentFlux 2.4 allows remote authenticated users to delete or modify other users' cookies via the cid parameter in an editCookies action to profile.php.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.017 (74.3th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References