Path Traversal

qbitmanage is vulnerable to Path Traversal. The vulnerability is due to improper validation of the backupid parameter in the restoreconfigfrombackup endpoint, which allows an attacker to bypass directory restrictions and read arbitrary files from the server filesystem...

CVE-2025-55295

A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the serv...

CVE-2025-55295 qBit Manage Path Traversal Vulnerability

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbitmanage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restoreconfigfrombackup endpoint. The vulnerability...

PT-2025-33819 · Unknown · Qbit Manage

Name of the Vulnerable Software and Affected Versions: qBit Manage versions prior to 4.5.4 Description: A path traversal vulnerability exists in qBit Manage's web API that allows authenticated users to read arbitrary files from the server filesystem. The vulnerability is located in the restore...

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

The vulnerability of the Hot Backup File component in the MongoDB database management system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Hot Backup File component in the MongoDB database management system relates to the possibility for users with limited privileges to download backup files, along with obtaining a unique identifier for the backup copy. Exploiting this vulnerability could allow an attacker,...

UBUNTU-CVE-2024-6384

"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...

MongoDB 安全漏洞

MongoDB is a document-oriented database management system from the American company MongoDB. A security vulnerability exists in MongoDB that stems from the fact that if a less privileged user has access to a unique backup identifier, they may be able to download a hot backup file...

PT-2024-6361 · Mongodb +1 · Mongodb Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: MongoDB Enterprise Server versions prior to 6.0.16 MongoDB Enterprise Server versions prior to 7.0.11 MongoDB Enterprise Server versions prior to 7.3.3 Description: Underprivileged users may download "hot" backup files if they can acquire a...