Back to search
CVE-2019-13640
Published: Jul 17, 2019
Modified: Oct 31, 2024
PUBLISHED
Description
In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/qbittorrent/qBittorrent/issues/10925
x_refsource_MISC
openSUSE-SU-2019:2005
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2024
vendor-advisory
x_refsource_SUSE
FEDORA-2019-2cb551904b
vendor-advisory
x_refsource_FEDORA
FEDORA-2019-ce6c6de3cc
vendor-advisory
x_refsource_FEDORA
DSA-4650
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now