QwikSec

Security Database

CVE

CWE

Training

CVE-2017-7178

Published: Mar 18, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://git.deluge-torrent.org/deluge/commit/?h=develop&id=11e8957deaf0c76fdfbac62d99c8b6c61cfdddf9

x_refsource_MISC

http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.14

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://bugs.debian.org/857903

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2017/Mar/6

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.