CVE-2008-6586

µTorrent WebUI 0.315 - Cross-Site Request Forgery via add-url and setsetting Actions

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6586. PoCs published by th3.r00k.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability in uTorrent WebUI, allowing remote attackers to execute arbitrary actions such as forcing file downloads or changing administrative credentials via crafted HTTP requests.

Description

Cross-site request forgery (CSRF) vulnerability in gui/index.php in µTorrent (uTorrent) WebUI 0.315 allows remote attackers to (1) hijack the authentication of users for requests that force the download of arbitrary torrent files via the add-url action and (2) hijack the authentication of administrators for requests that modify the administrator account via the setsetting action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by th3.r00k · text · webapps · php
https://www.exploit-db.com/exploits/31672

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: uTorrent WebUI 0.310 beta 2
No auth needed
Prerequisites: Victim must be authenticated to the uTorrent WebUI
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41926
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491066/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/44647
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28847

Scores

EPSS 0.0020
EPSS Percentile 42.1%

Details

CWE: CWE-352
Status: published
Products (1)
utorrent/utorrent_webui 0.315
Published Apr 03, 2009
Tracked Since Feb 18, 2026