22 matches found

OSV
added 2026/04/10 7:39 p.m.

GHSA-4H9Q-P5J4-XVVH Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export

Summary: Ech0 scoped access tokens do not reliably enforce least privilege: multiple privileged admin routes omit scope checks, and the backup export handler strips token scope metadata entirely, allowing a low-scope admin access token to reach broader admin functionality than intended. Impact: An...

CVSS 7.6, AI score 5.9
Exploits: 0, References: 3
Github Security Blog
added 2026/04/10 7:39 p.m.

Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export

Summary: Ech0 scoped access tokens do not reliably enforce least privilege: multiple privileged admin routes omit scope checks, and the backup export handler strips token scope metadata entirely, allowing a low-scope admin access token to reach broader admin functionality than intended. Impact: An...

AI score 5.9
Exploits: 0, References: 3, Affected software: 1
Veracode
added 2026/02/18 8:02 a.m.

Directory Traversal

redaxo/source is vulnerable to Directory Traversal. The vulnerability is due to improper validation of the EXPDIR POST parameter in the Backup addon's file export functionality, which allows an authenticated attacker with backup permissions to supply crafted relative paths and read arbitrary file...

CVSS 8.3, AI score 5.8, EPSS 0.00027
Exploits: 3, References: 3, Affected software: 1
RedhatCVE
added 2026/01/09 8:38 a.m.

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVSS 8.3, AI score 6.7, EPSS 0.00027
Exploits: 3, References: 1
NVD
added 2026/01/07 11:15 p.m.

CVE-2026-21857

REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. The Backup addon does not validate the EXPDIR POST parameter agains...

CVSS 8.3, EPSS 0.00027
Exploits: 3, References: 2
CVE
added 2026/01/07 10:32 p.m.

CVE-2026-21857

CVE-2026-21857 affects REDAXO prior to 5.20.2. Authenticated users with backup permissions can read arbitrary files in the webroot via path traversal in the Backup addon's file export, by abusing the EXPDIR POST parameter not being validated against the UI allowlist. This leads to inclusion of se...

CVSS 8.3, AI score 6.3, EPSS 0.00027
Exploits: 3, References: 2, Affected software: 1
Github Security Blog
added 2026/01/05 8:02 p.m.

Redaxo has Path Traversal in Backup Addon Leading to Arbitrary File Read

Summary: Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file export functionality. Details: The Backup addon does not validate the EXPDIR POST parameter against the UI-generated allowlist of permitted directories. An...

CVSS 8.3, AI score 6.9, EPSS 0.00027
Exploits: 3, References: 4, Affected software: 1
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2021-21238

Malware in sbrugna...

CVSS 8.6, AI score 8.6, EPSS 0.0028
Exploits: 0, References: 2
Vulnrichment
added 2025/08/13 8:33 p.m.

CVE-2012-10059 Dolibarr ERP/CRM Post-Auth OS Command Injection

Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...

CVSS 9.4, AI score 8.3, EPSS 0.47846
Exploits: 0, References: 6
Positive Technologies
added 2025/08/13 12:00 a.m.

PT-2025-33094 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM versions prior to 3.1.1; Dolibarr ERP/CRM versions prior to 3.2.0. Description: Dolibarr ERP/CRM contains a post-authenticated operating system command injection issue in its database backup feature. The export.php script does...

CVSS 9.4, AI score 7.5, EPSS 0.47846
Exploits: 0, References: 8
OSV
added 2024/11/26 6:37 p.m.

CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi

E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...

CVSS 6.3, AI score 7.1, EPSS 0.00083
Exploits: 0, References: 4
CVE
added 2024/11/26 6:37 p.m.

CVE-2024-53844

CVE-2024-53844 affects labsai/eddi (EDDI), a middleware for LLM API bots. The vulnerability is a path traversal in the backup export functionality, exploitable via the botFilename parameter in RestExportService.java. Input is not properly sanitized, allowing attackers to access arbitrary files in...

CVSS 6.3, AI score 6.5, EPSS 0.00083
Exploits: 0, References: 2
CNNVD
added 2024/11/26 12:00 a.m.

E.D.D.I Path Traversal Vulnerability

E.D.D.I is a LABS.AI open source middleware for connecting and managing LLM API bots. E.D.D.I has a path traversal vulnerability in its backup export function. An attacker could use this vulnerability to access sensitive files on the serve...

CVSS 6.3, AI score 6.6, EPSS 0.00083
Exploits: 0, References: 2
Positive Technologies
added 2024/11/26 12:00 a.m.

PT-2024-35947 · Eddi · Eddi

Name of the Vulnerable Software and Affected Versions: EDDI Enhanced Dialog Driven Interface versions prior to 5.4. Description: A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to acce...

CVSS 6.3, AI score 7.3, EPSS 0.00083
Exploits: 0, References: 6
Snyk
added 2024/10/16 9:42 p.m.

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal through the component /index.php?page=backup/export. An attacker can access files and directories stored outside of the web server's root directory by manipulating file paths in the input. PoC (php). Details: A Directory...

CVSS 8.7, AI score 7.7, EPSS 0.00759
Exploits: 1, References: 2
Cvelist
added 2024/10/16 12:00 a.m.

CVE-2024-46212

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal...

EPSS 0.00759
Exploits: 1, References: 1
Positive Technologies
added 2024/10/16 12:00 a.m.

PT-2024-31922 · Unknown · Redaxo Cms

Name of the Vulnerable Software and Affected Versions: REDAXO CMS version 5.17.1. Description: An issue in the component "/index.php?page=backup/export" of REDAXO CMS allows attackers to execute a directory traversal. Recommendations: For REDAXO CMS version 5.17.1, as a temporary workaround,...

CVSS 4.9, AI score 6.3, EPSS 0.00759
Exploits: 1, References: 9
Virtuozzo
added 2023/12/25 12:00 a.m.

Virtuozzo Hybrid Infrastructure 6.0 Update 1 (6.0.1-76)

In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover improvements in the compute service, object storage, alerts and monitoring. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...

AI score 7.2
Exploits: 0
Veracode
added 2022/10/20 4:29 a.m.

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to cross-site scripting. The vulnerability exists in backup.export.php due to improper verification of backup files, which allows an attacker to export the configuration and re-upload the same file with the admin grant...

CVSS 8.4, AI score 7.7, EPSS 0.00509
Exploits: 1, References: 2, Affected software: 2
OSV
added 2022/04/27 4:15 p.m.

CVE-2021-34588

Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot...

CVSS 8.6, AI score 5.8
Exploits: 0, References: 1