This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Qbittorrent First view 2019-05-09
Product Qbittorrent Last view 2019-07-17
Version 3.3.15 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:qbittorrent:qbittorrent

Activity : Overall

Related : CVE

  Date Alert Description
9.8 2019-07-17 CVE-2019-13640

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.

7.1 2019-05-09 CVE-2017-12778

** DISPUTED ** The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\\Roaming\qBittorrent pathname. The attacker must change the value of the "locked" attribute to "false" within the "Locking" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-287 Improper Authentication
50% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...