
45 matches found

Positive Technologies
added 2025/02/03 12:0 a.m. · 2 views

PT-2025-5619 · Ndpi · Ndpi

Name of the Vulnerable Software and Affected Versions: nDPI versions 4.12 and earlier
Description: The issue is a potential stack-based buffer overflow in the ndpi address cache restore function located in lib/ndpi cache.c. This could potentially lead to exploitation.
Recommendations: For nDPI...

8.1 CVSS · 7 AI score · 0.0006 EPSS
Exploits 0 · References 19

Cvelist
added 2024/12/23 12:18 a.m. · 15 views

CVE-2024-54082

home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user...

7.2 CVSS · 0.00614 EPSS
Exploits 0 · References 2

OSV
added 2024/11/01 6:15 p.m. · 1 views

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

9.8 CVSS · 6 AI score
Exploits 0 · References 1

NVD
added 2024/11/01 6:15 p.m. · 7 views

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

9.8 CVSS · 0.00274 EPSS
Exploits 1 · References 1

Vulnrichment
added 2024/11/01 12:0 a.m. · 15 views

CVE-2024-51252

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the restore function...

8.2 AI score · 0.00274 EPSS
Exploits 1 · References 1

CNNVD
added 2024/11/01 12:0 a.m. · 2 views

DrayTek Vigor 3900 Security Vulnerability

The DrayTek Vigor 3900 is a high-performance router for enterprise networks from China-based DrayTek. A security vulnerability exists in the DrayTek Vigor 3900 version 1.5.1.3, which can be exploited by an attacker to execute arbitrary commands by injecting malicious commands into mainfunction.cg...

9.8 CVSS · 7.5 AI score · 0.00274 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/10/28 12:0 a.m. · 2 views

PT-2024-7995 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3
Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the restore function of the mainfunction.cgi file in the DrayTek Vigor 3900 router'...

9.8 CVSS · 8.4 AI score · 0.00274 EPSS
Exploits 1 · References 9

OSV
added 2024/02/29 7:15 a.m. · 1 views

CVE-2024-1982

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the getrestoreprogress and restore functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL...

9.1 CVSS · 7.3 AI score
Exploits 0 · References 3

CNNVD
added 2024/02/29 12:0 a.m. · 1 views

WordPress Plugin Migration, Backup, Staging Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

9.1 CVSS · 6.6 AI score · 0.00355 EPSS
Exploits 1 · References 4

OSV
added 2024/02/05 10:15 p.m. · 1 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

5.3 CVSS · 5.9 AI score
Exploits 0 · References 4

NVD
added 2024/02/05 10:15 p.m. · 9 views

CVE-2023-4637

The WPvivid plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function in versions up to, and including, 0.9.94. This makes it possible for unauthenticated attackers to invoke these functions and obtain full...

5.3 CVSS · 4.7 AI score · 0.00858 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/02/05 12:0 a.m. · 2 views

PT-2024-13356 · WordPress · Wpvivid

Name of the Vulnerable Software and Affected Versions: WPvivid plugin for WordPress versions up to, and including, 0.9.94
Description: The issue is related to a missing capability check on the restore and get restore progress functions. This allows unauthenticated attackers to invoke these...

5.3 CVSS · 6.2 AI score · 0.00858 EPSS
Exploits 0 · References 8

WPVulnDB
added 2024/01/26 12:0 a.m. · 16 views

WPvivid < 0.9.95 - Missing Authorization

Description: The plugin is vulnerable to unauthorized access of data due to a missing capability check on the restore and getrestoreprogress function, making it possible for unauthenticated attackers to invoke these functions and obtain full file paths if they have access to a back-up ID...

5 CVSS · 6.6 AI score · 0.00858 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/09/29 2:15 p.m. · 1 views

CVE-2023-5263

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...

8.8 CVSS · 5.3 AI score · 0.00079 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/09/29 12:0 a.m. · 2 views

PT-2023-31984 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZZCMS version 2.1.7
Description: A critical issue was found in the restore function of the /admin/save.php file, part of the Database Backup File Handler component. This issue leads to permission problems and can be exploited remotely. The...

8.8 CVSS · 6.5 AI score · 0.00079 EPSS
Exploits 1 · References 7

NVD
added 2022/09/28 2:15 p.m. · 9 views

CVE-2022-22525

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...

7.2 CVSS · 0.00679 EPSS
Exploits 0 · References 1

Prion
added 2022/09/28 2:15 p.m. · 13 views

Input validation

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...

5.8 CVSS · 7.2 AI score · 0.00679 EPSS
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2022/09/28 1:45 p.m. · 7 views

CVE-2022-22525 Command injection in restore function of Carlo Gavazzi UWP3.0 allows for command injection

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function...

7.2 CVSS · 7.3 AI score · 0.00679 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/12/11 12:0 a.m. · 1 views

PT-2020-13067 · Silver Peak · Orchestrator +1

Name of the Vulnerable Software and Affected Versions: Silver Peak Unity ECOSTM ECOS appliance software versions prior to 8.1.9.15, 8.3.0.8, 8.3.1.2, 8.3.2.0, 9.0.2.0, and 9.1.0.0
Description: The configuration backup/restore function in the software directly incorporates the user-controlled conf...

8.5 CVSS · 6.8 AI score · 0.00373 EPSS
Exploits 0 · References 16

Veracode
added 2018/08/29 4:17 a.m. · 19 views

SQL Injection

phpMyFAQ/phpMyFAQ is vulnerable to SQL Injections. The library does not properly escape parameters in the SQL query executed by the restore function, allowing malicious users to inject and execute arbitrary SQL queries...

7.2 CVSS · 7.5 AI score · 0.00374 EPSS
Exploits 0 · References 3 · Affected Software 2