
774 matches found

Positive Technologies
added 2024/11/29 12:0 a.m. · 7 views

PT-2024-9180 · Jetbrains · Youtrack

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.51866
Description: The issue is related to the absence of an authorization procedure when handling a query parameter, allowing an unauthenticated database backup download. This could enable a remote...

CVSS 6.5 · AI score 7.3 · EPSS 0.0035
Exploits 0 · References 8
NVD
added 2024/11/15 5:15 p.m. · 22 views

CVE-2024-52519

Nextcloud Server is a self-hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker who got access to a backup of the database and the Nextcloud config file would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

CVSS 8.2 · EPSS 0.00491
Exploits 0 · References 3
Positive Technologies
added 2024/09/02 12:0 a.m. · 5 views

PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions:
Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7
Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7
Description: The issue is related to the insecure storage of confidential informatio...

CVSS 8.2 · AI score 6.8 · EPSS 0.00491
Exploits 0 · References 11
Cvelist
added 2024/08/20 12:0 a.m. · 13 views

CVE-2024-42607

Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/adminbackup.php?dobackup=database...

EPSS 0.00279
Exploits 1 · References 1
Citrix
added 2024/07/13 12:0 a.m. · 9 views

How to Backup the XenMobile Database

This article describes how to back up the XenMobile database...

AI score 7
Exploits 0
Cvelist
added 2024/07/10 5:57 p.m. · 16 views

CVE-2024-37113 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 9.8 · EPSS 0.00542
Exploits 0 · References 1
Vulnrichment
added 2024/07/10 5:57 p.m. · 11 views

CVE-2024-37113 WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 9.8 · AI score 6.9 · EPSS 0.00542
Exploits 0 · References 1
CNNVD
added 2024/07/10 12:0 a.m. · 3 views

Net Titanium Technology idcCMS Security Breach

Net Titanium Technology idcCMS (Net Titanium IDC Cloud Management Agent System) is a cloud management agent system from China's Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.35, which was discovered to contain a Cross Site...

CVSS 8.8 · AI score 7.1 · EPSS 0.00301
Exploits 1 · References 2
Patchstack
added 2024/06/20 9:16 a.m. · 3 views

WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability

Unauthenticated Database Backup Download vulnerability discovered by Dave Jong (Patchstack) in WordPress Plugin WishList Member X versions 3.26.7...

CVSS 9.8 · AI score 7 · EPSS 0.00542
Exploits 0 · Affected Software 1
CNNVD
added 2024/04/08 12:0 a.m. · 3 views

WordPress Plugin BackWPup Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 7.5 · AI score 6.5 · EPSS 0.02261
Exploits 2 · References 2
OSV
added 2024/02/23 11:15 p.m. · 4 views

CVE-2024-22988

ZKteco ZKBio WDMS before 9.0.2 Build 20250526 allows an attacker to download a database backup via the /files/backup/ component because the filename is based on a predictable timestamp...

CVSS 9.8 · AI score 5.8 · EPSS 0.00815
Exploits 0 · References 4
ATTACKERKB
added 2023/12/14 7:15 p.m. · 1 views

CVE-2023-50017

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup...

CVSS 8.8 · AI score 7.2 · EPSS 0.00364
Exploits 1 · References 2
Prion
added 2023/12/14 7:15 p.m. · 11 views

Cross-site request forgery (CSRF)

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup...

CVSS 6.8 · AI score 7.8 · EPSS 0.00364
Exploits 1 · References 1 · Affected Software 1
NVD
added 2023/11/20 7:15 p.m. · 12 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...

CVSS 9.8 · EPSS 0.00959
Exploits 0 · References 3
OSV
added 2023/11/20 7:15 p.m. · 20 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...

CVSS 9.8 · AI score 7 · EPSS 0.00959
Exploits 0 · References 3
Prion
added 2023/11/20 7:15 p.m. · 16 views

Improper access control

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...

CVSS 7.5 · AI score 7.2 · EPSS 0.00959
Exploits 0 · References 3 · Affected Software 1
CVE
added 2023/11/20 12:0 a.m. · 37 views

CVE-2023-38880

The CVE-2023-38880 entry describes a broken access control in OS4ED OpenSIS Classic Community Edition v9.0, where database backups created by an admin are stored in the web root with easily guessable names like opensisBackup.sql. This allows any unauthenticated actor to access a complete database...

CVSS 9.8 · AI score 9.5 · EPSS 0.00959
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2023/11/20 12:0 a.m. · 14 views

CVE-2023-38880

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of "opensisBackup.sql" e.g...

AI score 9.8 · EPSS 0.00959
Exploits 0 · References 3
NVD
added 2023/11/01 7:15 p.m. · 14 views

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

CVSS 9.8 · AI score 9.8 · EPSS 0.01163
Exploits 1 · References 1
ATTACKERKB
added 2023/11/01 7:15 p.m. · 4 views

CVE-2023-46482

SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component...

CVSS 9.8 · AI score 6.3 · EPSS 0.01163
Exploits 1 · References 2