85 matches found
CVE-2015-4181
CVE-2015-4181 affects phpMyBackupPro versions 2.1–2.5 (get_file.php) with a directory traversal via the view parameter, enabling remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/NVD-linked CNVD entries) as a path-traversal vulnerability in get_file.ph...
Input validation
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configurati...
CVE-2015-3638
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configurati...
CVE-2015-3639
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...
CVE-2015-3640
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the pat...
Design/Logic Flaw
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...
CVE-2015-3638
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configurati...
CVE-2015-3639
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...
CVE-2015-3638
CVE-2015-3638 affects phpMyBackupPro prior to 2.5, where input validation is insufficient. An authenticated remote attacker can inject and execute arbitrary PHP code through the scheduled.php endpoint by supplying crafted values for path, filename, and period, or by injecting PHP into a PHP confi...
CVE-2015-3640
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the pat...
CVE-2015-3640
CVE-2015-3640 affects phpMyBackupPro 2.5 and earlier. Root cause: improper escaping of the "." character in request parameters. Preconditions: attacker must be authenticated and know a web‑accessible, web‑writable directory. Exploit: can inject and execute arbitrary PHP scripts by supplying malic...
CVE-2015-3639
CVE-2015-3639 affects phpMyBackupPro 2.5 and earlier. The issue arises from improper sanitization of input strings, enabling a remote authenticated user to store a crafted string in a user configuration file that can lead to arbitrary PHP code execution. The available connected documents confirm ...
Multiple Vulnerabilities in phpMyBackupPro
phpMyBackupPro is a professional MySql backup tool. A remote command execution and cross-site request forgery vulnerability exists in phpMyBackupPro 2.5. phpMyBackupPro uses a php configuration file globalconf.php to manage the settings, allowing the user to change the sql host, emails, etc. The...
phpMyBackupPro 2.5 - 远程代码执行/CSRF
No description provided by source...
phpMyBackupPro 2.5 Shell Upload
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILEUPLOADVULN.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...
phpMyBackupPro 2.5 CSRF / Remote Command Execution
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...
phpMyBackupPro 2.5 Cross Site Scripting
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-XSS.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...
phpMyBackupPro 2.5 - Remote Command Execution Cross-Site Request Forgery
phpMyBackupPro 2.5 - Remote Command Execution Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site:...
phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery
Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...
phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery
Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: =========================== phpMyBackupPro v.2.5 PMBP phpMyBackup Pro is a very easy to use, free,...