774 matches found

RedhatCVE
added 2025/05/23 4:31 a.m. | 6 views

CVE-2023-5263

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

CVSS 8.8 | AI score 6.9 | EPSS 0.00643
Exploits: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 7 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...

CVSS 9.8 | AI score 7 | EPSS 0.00959
Exploits: 0

RedhatCVE
added 2025/05/23 3:58 a.m. | 7 views

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

CVSS 9.8 | AI score 8.6 | EPSS 0.01163
Exploits: 1

RedhatCVE
added 2025/05/22 11:50 p.m. | 11 views

CVE-2022-2271

The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...

CVSS 4.8 | AI score 5.8 | EPSS 0.00403
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:21 p.m. | 16 views

CVE-2021-24322

The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter before outputting it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue...

CVSS 5.4 | AI score 5.9 | EPSS 0.00703
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 4:12 p.m. | 6 views

CVE-2020-21785

In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability...

CVSS 8.8 | AI score 7.4 | EPSS 0.02726
Exploits: 1

RedhatCVE
added 2025/05/22 4:4 p.m. | 8 views

CVE-2020-19005

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly...

CVSS 5.7 | AI score 6.9 | EPSS 0.00734
Exploits: 0

RedhatCVE
added 2025/05/22 3:47 p.m. | 5 views

CVE-2020-21997

Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control...

CVSS 7.5 | AI score 6.7 | EPSS 0.02717
Exploits: 2

RedhatCVE
added 2025/05/22 9:12 a.m. | 5 views

CVE-2018-20887

cPanel before 74.0.0 allows SQL injection during database backups (SEC-420)...

CVSS 9.8 | AI score 8.1 | EPSS 0.0106
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:25 a.m. | 7 views

CVE-2019-19801

In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases...

CVSS 5.5 | AI score 6.8 | EPSS 0.00281
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:22 a.m. | 5 views

CVE-2019-11200

Dolibarr ERP/CRM 9.0.1 provides a web-based functionality that backs up the database content to a dump file. However, the application performs insufficient checks on the export parameters to mysqldump, which can lead to execution of arbitrary binaries on the server. Malicious binaries can be...

CVSS 8.8 | AI score 6.9 | EPSS 0.02101
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:35 a.m. | 10 views

CVE-2019-14949

The wp-database-backup plugin before 5.1.2 for WordPress has XSS...

CVSS 6.1 | AI score 7.1 | EPSS 0.00946
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:28 a.m. | 9 views

CVE-2018-18487

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand unsafely, resulting in predictable database backup file locations...

CVSS 7.5 | AI score 7 | EPSS 0.01208
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:15 a.m. | 9 views

CVE-2016-10876

The wp-database-backup plugin before 4.3.1 for WordPress has CSRF...

CVSS 8.8 | AI score 7.1 | EPSS 0.00693
Exploits: 0 | References: 1

OSV
added 2025/04/16 9:15 p.m. | 8 views

CVE-2025-3729

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os...

CVSS 9.8 | AI score 5.6 | EPSS 0.03032
Exploits: 1 | References: 5

CVE
added 2025/04/16 9:0 p.m. | 64 views

CVE-2025-3729

The CVE-2025-3729 entry affects SourceCodester Web-based Pharmacy Product Management System 1.0, specifically the Database Backup Handler’s backup.php. The root cause is improper handling/manipulation of the txtdbname argument, which enables os command injection. Impact is high: remote attack pot...

CVSS 9.8 | AI score 7.6 | EPSS 0.03032
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/04/16 9:0 p.m. | 29 views

CVE-2025-3729 SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os...

CVSS 7.5 | EPSS 0.03032
Exploits: 1 | References: 5

Vulnrichment
added 2025/04/16 9:0 p.m. | 12 views

CVE-2025-3729 SourceCodester Web-based Pharmacy Product Management System Database Backup backup.php os command injection

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os...

CVSS 7.5 | AI score 7.6 | EPSS 0.03032
Exploits: 1 | References: 5

Citrix
added 2025/04/09 12:0 a.m. | 9 views

Citrix Endpoint Management (aka XenMobile Server) 10.16.0 Rolling Patch 5

Package name: xms10.16.0.10551.bin; For: XenMobile Server 10.16.0; Deployment type: On-premises only; Replaces: xms10.16.0.10427.bin, xms10.16.0.10318.bin, xms10.16.0.10205.bin, xms10.16.0.10108.bin; Date: April 2025; Languages supported: English US. Important notes about this update: As a best practice...

AI score 6.9
Exploits: 0

NVD
added 2025/04/04 4:15 p.m. | 4 views

CVE-2025-32246

Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through <= 1.0.3...

CVSS 5.4 | EPSS 0.00426
Exploits: 0 | References: 1