22 matches found
EUVD-2026-19500
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...
CVE-2026-35399
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...
CVE-2026-35399
WeGIA Web manager (charitable institutions) is affected by a stored XSS vulnerability prior to version 3.6.9. An attacker can inject malicious scripts via a backup filename, potentially causing the victim’s browser to execute code and compromise session data or perform actions on behalf of the us...
PT-2026-30736
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...
CVE-2026-24129
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
CVE-2026-24129
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
CVE-2026-24129
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
CVE-2026-24129
Runtipi (Docker-based homeserver) versions 3.7.0+ are vulnerable to authenticated arbitrary command execution via shell metacharacters injected into backup filenames. The BackupManager stores uploaded backups using the raw originalname on the host filesystem, allowing an attacker to stage a file ...
CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution
Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...
PT-2026-4303
Name of the Vulnerable Software and Affected Versions Runtipi versions 3.7.0 through 4.6.9 Description Runtipi is a Docker-based, personal homeserver orchestrator. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server. This occurs because the...
CVE-2024-0761
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
Design/Logic Flaw
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
CVE-2024-0761 File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...
File Manager < 7.2.2 - Sensitive Information Exposure via Backup Filenames
Description The plugin is vulnerable to Sensitive Information Exposure due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract sensitive data including site backups in configurations where...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2019-12564
In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames...
XCloner - Backup and Restore < 3.1.5 - Authenticated Path Traversal
Authenticated users are able to perform directory listings at any location available to the Wordpress user, leaking filenames of previous backups. This was found in XCloner - Backup and Restore version 3.1.4, but may have been introduced in earlier versions. Attackers can leverage directory...
WordPress Xcloner Plugin and Joomla! Xcloner Plugin Execute Arbitrary Code Vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language . Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. XCloner is one of the plug-ins used to back up and restore data and...