41 matches found
CVE-2023-45498
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain a command injection vulnerability...
CVE-2023-45499
VinChin Backup & Recovery v5.0., v6.0., v6.7., and v7.0. was discovered to contain hardcoded credentials...
EUVD-2024-20425
Malicious code in bioql PyPI...
CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the setNetworkCardInfo function...
CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...
CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the syncNtpTime function...
CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the deleteUpdateAPK function...
The vulnerability of the getVerifydiyResult function in the SystemHandler.class.php script of the backup and recovery software Vinchin Backup & Recovery allows a perpetrator to execute arbitrary code.
The vulnerability of the getVerifydiyResult function in the SystemHandler.class.php script of the Vinchin Backup & Recovery software relates to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
Vinchin Backup And Recovery 7.2 Command Injection
CVE ID: CVE-2024-25228 Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier Description: A critical security vulnerability has been discovered in the getVerifydiyResult function within the ManoeuvreHandler.class.p...
The vulnerability of the Vinchin Backup & Recovery software regarding backup and restoration, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Vinchin Backup & Recovery software regarding backup and restoration involves a lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary commands...
CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...
CVE-2024-22902
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials...
Remote code execution
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the deleteUpdateAPK function...
Default credentials
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials...
Default credentials
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...
CVE-2024-22900
CVE-2024-22900 affects Vinchin Backup & Recovery (versions 7.2 and earlier). An authenticated attacker can trigger command injection via the setNetworkCardInfo(NAME) path, where user-supplied NAME is used in system commands, enabling remote code execution. Public writeups describe exploitation th...
CVE-2024-22901
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials...
CVE-2024-22903
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the deleteUpdateAPK function...
CVE-2024-22900
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the setNetworkCardInfo function...
CVE-2024-22899
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution RCE vulnerability via the syncNtpTime function...