45 matches found

Positive Technologies
added 2026/02/15 12:0 a.m. | 6 views

PT-2026-8240

OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive GDriveEmail, GDrive GDriveFolderID, GDrive GDriveBackupCount, Nextcloud url, Nextcloud user, Nextcloud...

CVSS 5.4 | AI score 5.5 | EPSS 0.00022
Exploits: 1 | References: 5

Positive Technologies
added 2025/11/25 12:0 a.m. | 1 view

PT-2025-48101

Name of the Vulnerable Software and Affected Versions Deciso OPNsense affected versions not specified Description A flaw exists in Deciso OPNsense related to the handling of backup configuration files, specifically within the diag backup.php script. This allows network-adjacent attackers with...

CVSS 4.5 | AI score 4.8 | EPSS 0.00321
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2008-0206

Malware in sbrugna...

CVSS 7.5 | AI score 6.1 | EPSS 0.00586
Exploits: 1 | References: 9

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-46637

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00241
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/26 12:37 a.m. | 8 views

CVE-2025-3729

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file backup.php of the component Database Backup Handler. The manipulation of the argument txtdbname leads to os...

CVSS 9.8 | AI score 7.5 | EPSS 0.03186
Exploits: 1 | References: 1

OSV
added 2024/05/28 1:15 p.m. | 0 views

CVE-2024-5415

A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 1

CNNVD
added 2024/05/28 12:0 a.m. | 1 view

PhpMyBackupPro Cross-Site Scripting Vulnerability

PhpMyBackupPro is a very easy to use, free web-based MySQL backup application from the Chris Younger project. A cross-site scripting vulnerability exists in PhpMyBackupPro version 2.3, which stems from a cross-site scripting vulnerability in the comments, db parameter in /phpmybackuppro/backup.ph...

CVSS 7.1 | AI score 6 | EPSS 0.00241
Exploits: 0 | References: 2

Veracode
added 2022/11/04 3:18 a.m. | 63 views

Information Disclosure

OpenCart is vulnerable to information disclosure. The vulnerability exists in multiple functions of backup.php, allowing an attacker to obtain database information or read server files by injecting and executing malicious SQL queries...

CVSS 4.9 | AI score 5.5 | EPSS 0.00338
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2022/03/17 12:0 a.m. | 1 view

Slims9 Bulian SQL Injection Vulnerability

Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. Slims9 Bulian suffers from a SQL injection vulnerability that originates from a SQL...

CVSS 7.5 | AI score 7.5 | EPSS 0.00246
Exploits: 1 | References: 2

Prion
added 2021/02/07 8:15 p.m. | 10 views

Command injection

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters...

CVSS 9 | AI score 8.9 | EPSS 0.88534
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2021/02/07 7:59 p.m. | 13 views

CVE-2020-36243

The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters...

AI score 9 | EPSS 0.88534
Exploits: 1 | References: 4

NVD
added 2020/03/12 2:15 p.m. | 15 views

CVE-2020-10416

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/kb-backup.php by adding a question mark ? followed by the payload...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2

Prion
added 2020/03/12 2:15 p.m. | 9 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/kb-backup.php by adding a question mark ? followed by the payload...

CVSS 3.5 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/12 1:4 p.m. | 14 views

CVE-2020-10416

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/kb-backup.php by adding a question mark ? followed by the payload...

AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2

CVE
added 2020/03/12 1:4 p.m. | 48 views

CVE-2020-10416

Technical details for CVE-2020-10416 are not provided in the connected documents. Public specifics such as affected versions, components, or fixes are not available here; monitor for updates.

CVSS 4.8 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2020/01/28 3:15 p.m. | 11 views

Authentication flaw

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash...

CVSS 7.5 | AI score 7.6 | EPSS 0.04393
Exploits: 2 | References: 5 | Affected Software: 1

Cvelist
added 2020/01/28 2:9 p.m. | 14 views

CVE-2014-3445

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash...

AI score 9.8 | EPSS 0.04393
Exploits: 2 | References: 5

Prion
added 2019/05/24 6:29 p.m. | 9 views

Sql injection

AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...

CVSS 4 | AI score 8.5 | EPSS 0.00222
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/05/24 5:41 p.m. | 13 views

CVE-2016-10755

AbanteCart 1.2.8 allows SQL Injection via the sourcelanguage parameter to admin/controller/pages/localisation/language.php and core/lib/languagemanager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php...

AI score 9.1 | EPSS 0.00222
Exploits: 0 | References: 2

OSV
added 2017/07/28 5:29 a.m. | 19 views

CVE-2017-11183

front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter...

CVSS 4.9 | AI score 6.8
Exploits: 0 | References: 2