8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-64519

CVE-2025-64519: TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (modcp.php). Users with moderator permissions can exploit this vulnerability by supplying a malicious topic_id (t) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-64519

CVE-2025-64519:

8.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
torrentpier/torrentpier	composer	<= 2.8.8

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The security vulnerability is a classic SQL injection located in the modcp.php file of TorrentPier. The root cause is the failure to sanitize the topic_id parameter, which is read from the HTTP request. The value is directly embedded into a SQL query string. The provided patch, found in commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80, confirms this by changing the code to cast the topic_id to an integer. This action ensures that any non-numeric input is converted to a safe value, thereby preventing the injection of malicious SQL commands. The vulnerable code is not encapsulated within a specific function but is part of the main script execution of modcp.php. Therefore, a runtime profiler would indicate that the modcp.php script is the source of the vulnerable operation when the exploit is triggered.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-64519: TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

CVE-2025-64519:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

Basic Information

Basic Information

CVE-2025-64519: TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

Technical Details

8.8

8.8

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

8.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-64519: TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

CVE-2025-64519:

8.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

CVE-2025-64519: TorrentPier is Vulnerable to Authenticated SQL Injection through Moderator Control Panel's topic_id parameter

Technical Details

8.8

8.8

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI