64 matches found
CVE-2026-40548
SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...
EUVD-2026-17935
A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive information. This vulnerability exists because authentication details are included in the encrypt...
CVE-2026-32238
OpenEMR CVE-2026-32238: A command injection vulnerability in the backup functionality affects versions prior to 8.0.0.2 due to insufficient input validation. An authenticated attacker could exploit this weakness. The issue is fixed in version 8.0.0.2. Remediation: upgrade to 8.0.0.2 or apply the ...
CVE-2022-35508
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...
CVE-2020-10974
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3,...
CVE-2022-0921
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12...
CVE-2025-5965 RCE via the backup feature available only to users with high privilege
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup...
EUVD-2020-5070
Malware in sbrugna...
EUVD-2017-6790
Malware in sbrugna...
EUVD-2017-8310
Malware in sbrugna...
EUVD-2017-14040
Malware in sbrugna...
EUVD-2018-13443
Malware in sbrugna...
EUVD-2020-3373
Malware in sbrugna...
EUVD-2022-1453
Malicious code in bioql PyPI...
EUVD-2023-30960
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-11060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an...
Linux Distros Unpatched Vulnerability : CVE-2012-10059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php...
CVE-2012-10059 Dolibarr ERP/CRM Post-Auth OS Command Injection
Dolibarr ERP/CRM versions = 3.1.1 and = 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sqlcompat parameter, allowing authenticated users to inject arbitrary system commands, resulting in remote code...
CVE-2024-40331
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQLdeal.php?mudi=backup...
CVE-2023-35176
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device...