CVE-2024-1651

CRITICAL

Torrentpier 2.4.1 - Remote Code Execution via Insecure Deserialization

Exploitation Summary

EIP tracks 4 public exploits for CVE-2024-1651. PoCs published by sharpicx, hy011121, killukeren.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-1651, leveraging insecure object deserialization in a PHP-based forum software to achieve remote code execution (RCE). The exploit authenticates, crafts a malicious serialized payload using GuzzleHttp components, and uploads a PHP shell for command execution.

Description

Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.

Exploits (4)

nomisec WORKING POC 14 stars
by sharpicx · poc
https://github.com/sharpicx/CVE-2024-1651-PoC

This repository contains a functional exploit for CVE-2024-1651, leveraging insecure object deserialization in a PHP-based forum software to achieve remote code execution (RCE). The exploit authenticates, crafts a malicious serialized payload using GuzzleHttp components, and uploads a PHP shell for command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown PHP-based forum software (likely a specific version)
Auth required
Prerequisites: Valid credentials for the target forum · Access to a vulnerable forum topic ID
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 3 stars
by hy011121 · poc
https://github.com/hy011121/CVE-2024-1651-exploit-RCE

This repository contains a functional exploit for CVE-2024-1651, targeting Torrentpier v2.4.1. The exploit leverages unsafe deserialization to achieve remote code execution (RCE) by crafting a malicious serialized object and uploading a PHP shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Torrentpier v2.4.1
Auth required
Prerequisites: Valid credentials for the target application · Access to a vulnerable forum ID
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by killukeren · poc
https://github.com/killukeren/cve-2024-1651

This repository contains a functional exploit for CVE-2024-1651, leveraging PHP deserialization in a web application to achieve remote code execution (RCE). The exploit logs in with hardcoded credentials, crafts a malicious serialized payload, and uploads a PHP shell to a vulnerable endpoint.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Unknown web application (likely a forum or CMS using PHP)
Auth required
Prerequisites: Valid credentials for the target application · Network access to the target host · Vulnerable version of the target software
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by Whiteh4tWolf · poc
https://github.com/Whiteh4tWolf/CVE-2024-1651-PoC

This repository contains a functional exploit for CVE-2024-1651, leveraging insecure object deserialization in a PHP-based forum software to achieve remote code execution (RCE). The exploit authenticates, crafts a malicious serialized payload, and uploads a shell to execute arbitrary commands.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: PHP-based forum software (likely MyBB or similar)
Auth required
Prerequisites: Valid credentials for the target forum · Access to a vulnerable forum topic ID
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://fluidattacks.com/advisories/xavi/

Scores

CVSS v3: 10.0
EPSS: 0.3400
EPSS Percentile: 98.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-502
Status: published
Products (2)
torrentpier/torrentpier 2.4.1
torrentpier/torrentpier 0 Packagist
Published: Feb 20, 2024
Tracked Since: Feb 18, 2026