Lucene search
K

85 matches found

CVE
CVE
added 2017/08/25 6:0 p.m.49 views

CVE-2015-4181

CVE-2015-4181 affects phpMyBackupPro versions 2.1–2.5 (get_file.php) with a directory traversal via the view parameter, enabling remote attackers to read arbitrary files. The issue is documented across multiple sources (NVD/NVD-linked CNVD entries) as a path-traversal vulnerability in get_file.ph...

7.5CVSS7.4AI score0.11574EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2017/07/21 2:29 p.m.10 views

Input validation

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configurati...

6.5CVSS7.8AI score0.02131EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/07/21 2:29 p.m.16 views

CVE-2015-3638

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configurati...

8.8CVSS8.8AI score0.02131EPSS
Exploits0References3
NVD
NVD
added 2017/07/21 2:29 p.m.14 views

CVE-2015-3639

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...

8.8CVSS8.7AI score0.01972EPSS
Exploits0References3
NVD
NVD
added 2017/07/21 2:29 p.m.21 views

CVE-2015-3640

phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the pat...

7.5CVSS7.6AI score0.01226EPSS
Exploits0References2
Prion
Prion
added 2017/07/21 2:29 p.m.16 views

Design/Logic Flaw

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...

6.5CVSS7.7AI score0.01972EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/07/21 2:0 p.m.17 views

CVE-2015-3638

phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configurati...

8.8AI score0.02131EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/07/21 2:0 p.m.19 views

CVE-2015-3639

phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...

8.7AI score0.01972EPSS
Exploits0References3
CVE
CVE
added 2017/07/21 2:0 p.m.39 views

CVE-2015-3638

CVE-2015-3638 affects phpMyBackupPro prior to 2.5, where input validation is insufficient. An authenticated remote attacker can inject and execute arbitrary PHP code through the scheduled.php endpoint by supplying crafted values for path, filename, and period, or by injecting PHP into a PHP confi...

8.8CVSS8.7AI score0.02131EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/07/21 2:0 p.m.21 views

CVE-2015-3640

phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the pat...

7.6AI score0.01226EPSS
Exploits0References2
CVE
CVE
added 2017/07/21 2:0 p.m.58 views

CVE-2015-3640

CVE-2015-3640 affects phpMyBackupPro 2.5 and earlier. Root cause: improper escaping of the "." character in request parameters. Preconditions: attacker must be authenticated and know a web‑accessible, web‑writable directory. Exploit: can inject and execute arbitrary PHP scripts by supplying malic...

7.5CVSS7.5AI score0.01226EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/07/21 2:0 p.m.44 views

CVE-2015-3639

CVE-2015-3639 affects phpMyBackupPro 2.5 and earlier. The issue arises from improper sanitization of input strings, enabling a remote authenticated user to store a crafted string in a user configuration file that can lead to arbitrary PHP code execution. The available connected documents confirm ...

8.8CVSS8.6AI score0.01972EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/04/18 12:0 a.m.4 views

Multiple Vulnerabilities in phpMyBackupPro

phpMyBackupPro is a professional MySql backup tool. A remote command execution and cross-site request forgery vulnerability exists in phpMyBackupPro 2.5. phpMyBackupPro uses a php configuration file globalconf.php to manage the settings, allowing the user to change the sql host, emails, etc. The...

7.7AI score
Exploits0References1
seebug.org
seebug.org
added 2016/03/13 12:0 a.m.16 views

phpMyBackupPro 2.5 - 远程代码执行/CSRF

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/16 12:0 a.m.24 views

phpMyBackupPro 2.5 Shell Upload

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-FILEUPLOADVULN.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/16 12:0 a.m.15 views

phpMyBackupPro 2.5 CSRF / Remote Command Execution

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2016/02/16 12:0 a.m.27 views

phpMyBackupPro 2.5 Cross Site Scripting

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-XSS.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...

Exploits0
exploitpack
exploitpack
added 2016/02/16 12:0 a.m.16 views

phpMyBackupPro 2.5 - Remote Command Execution Cross-Site Request Forgery

phpMyBackupPro 2.5 - Remote Command Execution Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site:...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2016/02/16 12:0 a.m.21 views

phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PHPMYBACKUPPRO-v2.5-RCE.txt Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: ===========================...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/02/16 12:0 a.m.20 views

phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery

Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ============================= www.phpmybackuppro.net project site: sourceforge.net/projects/phpmybackup/ Product: =========================== phpMyBackupPro v.2.5 PMBP phpMyBackup Pro is a very easy to use, free,...

7.1AI score
Exploits0
Rows per page
Query Builder