torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact.